Burk Technology ARC Solo Missing Authentication Vulnerability Allowing Unauthorized Password Changes

Vulnerability

A vulnerability exists in Burk Technology ARC Solo devices running versions prior to 1.0.62, where the password change mechanism can be exploited without proper authentication. This flaw allows an attacker to send a password change request directly to the device's HTTP endpoint without valid credentials. The system fails to enforce adequate authentication or session validation, enabling unauthorized password changes and potential takeover of the device.
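The flaw class described above, shown as an added example on a toy in-memory model (this is not ARC Solo firmware code or Burk Technology's fix). The `Device` class, its method names, the status codes, and the session lifetime are assumptions made for illustration. The first handler changes the password without checking the caller; the second requires a live session, re-verifies the current password, and invalidates all sessions afterwards.

```python
# Added illustration: hypothetical in-memory model, not vendor code.
import hashlib, hmac, os, secrets, time

SESSION_TTL = 900  # seconds; assumed value for this sketch

class Device:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.sessions = {}  # session token -> expiry timestamp

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password):
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(self._hash(password), self.pw_hash)

    def login(self, password):
        if not self.check_password(password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = time.time() + SESSION_TTL
        return token

    def change_password_unauthenticated(self, new_password):
        # Flaw class from the advisory: the handler acts on the request
        # without any authentication or session validation.
        self.pw_hash = self._hash(new_password)
        return 200

    def change_password(self, token, current_password, new_password):
        # 1. Require a live, unexpired session.
        expiry = self.sessions.get(token or "")
        if expiry is None or expiry < time.time():
            self.sessions.pop(token, None)
            return 401
        # 2. Re-verify the current password so a stolen session alone
        #    is not enough to take over the account.
        if not self.check_password(current_password):
            return 403
        self.pw_hash = self._hash(new_password)
        # 3. Invalidate every session issued under the old password.
        self.sessions.clear()
        return 200
```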

Impact

Exploitation of this vulnerability could lead to unauthorized access to the device, allowing an attacker to change the password, lock out authorized users, or disrupt normal operations.

Remediation

Users are advised to update their ARC Solo devices to version 1.0.62 or later. The update can be downloaded from the Burk Technology website.

Added: Aug 8, 2025, 6:21 PM
Updated: Aug 8, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.