Описание
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
Ссылки
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:trivisionsecurity:trivision_nc-227wf_firmware:5.80:*:*:*:*:*:*:*
cpe:2.3:h:trivisionsecurity:trivision_nc-227wf:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00053
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
Связанные уязвимости
CVSS3: 6.5
github
4 месяца назад
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
EPSS
Процентиль: 17%
0.00053
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204