CVE-2019-18231

Name of the Vulnerable Software and Affected Versions Advantech Spectre RT ERT351 versions 5.1.3 and prior

Description The issue is related to the transmission of logins and passwords in clear text form, which may allow an attacker to intercept the request. This is due to the use of the HTTP protocol by default, which implements basic HTTP authorization. Exploitation of this issue may allow a remote attacker to intercept administrator credentials and other confidential information transmitted during administration.

Recommendations For versions 5.1.3 and prior, consider disabling the use of HTTP protocol for login and password transmission until a secure protocol is implemented. Restrict access to the administration interface to minimize the risk of exploitation. Avoid using the default basic HTTP authorization method until the issue is resolved.