Описание
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*
cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
4.2 Medium
CVSS3
4.6 Medium
CVSS3
Дефекты
CWE-201
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.2
github
больше 1 года назад
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
EPSS
Процентиль: 24%
0.00081
Низкий
4.2 Medium
CVSS3
4.6 Medium
CVSS3
Дефекты
CWE-201
NVD-CWE-Other