Описание
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
Ссылки
- Not Applicable
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:infodraw:pmrs-102_firmware:7.1.0.0:*:*:*:*:*:*:*
cpe:2.3:h:infodraw:pmrs-102:-:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
5.8 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-24
CWE-22
Связанные уязвимости
CVSS3: 5.8
github
10 месяцев назад
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
EPSS
Процентиль: 33%
0.00134
Низкий
5.8 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-24
CWE-22