Описание
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:huawei:d100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:huawei:d100:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00276
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
EPSS
Процентиль: 51%
0.00276
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312