CVE-2019-15654

Опубликовано: 19 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

Ссылки

https://www.comba-telecom.com/en/news
Vendor Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164
Exploit
Third Party Advisory
https://www.comba-telecom.com/en/news
Vendor Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:comba:ac2400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:comba:ac2400:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00405

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-7xq3-42gv-rc2r