PT-2013-4567 · Brickcom · Ob-100Ae+4
Eliezer Varadé Lopez
+2
·
Publicado
2013-10-04
·
Atualizado
2025-03-04
·
CVE-2013-3689
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Brickcom FB-100Ap versions 3.0.6.16C1 and earlier
Brickcom WCB-100Ap versions 3.0.6.16C1 and earlier
Brickcom MD-100Ap versions 3.0.6.16C1 and earlier
Brickcom WFB-100Ap versions 3.0.6.16C1 and earlier
Brickcom OB-100Ae versions 3.0.6.16C1 and earlier
Brickcom OSD-040E versions 3.0.6.16C1 and earlier
Description
The issue allows remote attackers to obtain sensitive information, including user names, passwords, and configurations, by accessing the configfile.dump file via a get action. This is due to improper access restrictions.
Recommendations
For Brickcom FB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom WCB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom MD-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom WFB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom OB-100Ae version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom OSD-040E version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wfb-100Ap
Md-100Ap
Ob-100Ae
Osd-040E
Wcb-100Ap