Description
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.
References
- Exploit, Technical Description, Third Party Advisory
- Third Party Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
Together
cpe:2.3:o:kaco-newenergy:xp100u_firmware:xp-java_2.0:*:*:*:*:*:*:*
cpe:2.3:h:kaco-newenergy:xp100u:-:*:*:*:*:*:*:*
EPSS
Percentile: 63%
0.00437
Low
7.5 High
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-522
Related vulnerabilities
github
more than 3 years ago
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure vulnerability.
EPSS
Percentile: 63%
0.00437
Low
7.5 High
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-522