Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Credits
Andrea Palanca of Nozomi Networks found this bug during a security research activity.
