PT-2019-16025 · Technicolor · Connect Box Eurodocsis 3.0 Voice Gateway Ch7465Lg-Ncip

Filipi86

Publicado

2019-12-25

Atualizado

2020-01-08

CVE-2019-19967

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP version 6.12.18.25-2p6-NOSH

Description The Administration page on the device accepts a cleartext password in a POST request on port 80, specifically to the "xml/setter.xml" URI. This issue allows for the submission of passwords without encryption.

Recommendations For version 6.12.18.25-2p6-NOSH, as a temporary workaround, consider restricting access to the Administration page until a patch is available. Avoid using the cleartext password field in the POST request to the "xml/setter.xml" URI until the issue is resolved.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2019-19967

Produtos afetados

Connect Box Eurodocsis 3.0 Voice Gateway Ch7465Lg-Ncip

PT-2019-16025 · Technicolor · Connect Box Eurodocsis 3.0 Voice Gateway Ch7465Lg-Ncip

CVE-2019-19967

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3