Описание
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:ubiquoss:vp5208a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ubiquoss:vp5208a:-:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00563
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
EPSS
Процентиль: 68%
0.00563
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522