Описание
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
Ссылки
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 200.1.20 (включая)
Одновременно
cpe:2.3:o:sodola-network:sl902-swtgw124as_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sodola-network:sl902-swtgw124as:-:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.00016
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 5.9
github
около 1 месяца назад
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and the device can intercept credentials and reuse them to gain administrative access to the gateway.
EPSS
Процентиль: 4%
0.00016
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319