Filipi86

**Name of the Vulnerable Software and Affected Versions** Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP version 6.12.18.25-2p6-NOSH **Description** The Administration page on the device accepts a cleartext password in a POST request on port 80, specifically to the "xml/setter.xml" URI. This issue allows for the submission of passwords without encryption. **Recommendations** For version 6.12.18.25-2p6-NOSH, as a temporary workaround, consider restricting access to the Administration page until a patch is available. Avoid using the cleartext password field in the POST request to the "xml/setter.xml" URI until the issue is resolved.