CVE-2017-11165

Опубликовано: 12 июл. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Критический

Описание

dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.

Ссылки

https://packetstormsecurity.com/files/143328/DataTaker-DT80-dEX-1.50.012-Sensitive-Configuration-Exposure.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42313/
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/143328/DataTaker-DT80-dEX-1.50.012-Sensitive-Configuration-Exposure.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42313/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:datataker:dt80_dex_firmware:1.50.012:*:*:*:*:*:*:*

cpe:2.3:h:datataker:dt80_dex:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91455

Критический

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-h4fr-cprr-q23r