Description
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.
References (1)
Core References
https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816 (Exploit, Third Party Advisory)
Scores
CVSS v3: 8.8
EPSS: 0.0084
EPSS Percentile: 53.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-863
Status: published
Products (4)
myq-solution/central_server: 8.2
myq-solution/central_server: < 8.2
myq-solution/print_server: 8.2
myq-solution/print_server: < 8.2
Published: Apr 26, 2023
Tracked Since: Feb 18, 2026