Описание
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Not Applicable
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:commscope:dg3450_firmware:ar01.02.056.18_041520_711.ncs.10:*:*:*:*:*:*:*
cpe:2.3:h:commscope:dg3450:-:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00235
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 5.3
github
почти 3 года назад
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
EPSS
Процентиль: 46%
0.00235
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-306
CWE-306