Описание
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
Ссылки
- Product
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:howfor:qihang_media_web_digital_signage:3.0.9:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00996
Низкий
7.5 High
CVSS3
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
EPSS
Процентиль: 76%
0.00996
Низкий
7.5 High
CVSS3
Дефекты
CWE-522