PT-2018-1195 · Mge · Mge Network Management Card Transverse

Ilya Karpov · Published 2018-03-15 · Updated 2019-10-03 · CVE-2018-7246

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MGE Network Management Card Transverse versions 66074

Description

The issue is related to the transmission of sensitive information in cleartext by the integrated web server of the affected device. This could allow a remote attacker to obtain administrative account data. The vulnerability is exploited through the web server, specifically when accessing the "Access Control" page, which may send account data in cleartext if SSL is not used in the device settings.

Recommendations

For MGE Network Management Card Transverse version 66074, consider configuring the device to use SSL in its settings to encrypt the transmission of sensitive information. As a temporary workaround, restrict access to the "Access Control" page (IP-address device/ups/pas cont.htm) to minimize the risk of exploitation. Ensure that the integrated web server (Port 80/443/TCP) is properly secured to prevent unauthorized access.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2018-00653
CVE-2018-7246

Affected Products

Mge Network Management Card Transverse