exploitDog

CVE-2019-20074

Опубликовано: 30 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 4

EPSS Низкий

Описание

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

Ссылки

https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se
Third Party Advisory
https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html
Third Party Advisory
https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se
Third Party Advisory
https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netis-systems:dl4343_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netis-systems:dl4343:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00174

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-2vfj-3h9f-v378

github

больше 3 лет назад

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

EPSS

Процентиль: 39%

0.00174

Низкий

8.8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269