PT-2013-4567 · Brickcom · Ob-100Ae+4
Eliezer Varadé Lopez
+2
·
Published
2013-10-04
·
Updated
2025-03-04
·
CVE-2013-3689
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Brickcom FB-100Ap versions 3.0.6.16C1 and earlier
Brickcom WCB-100Ap versions 3.0.6.16C1 and earlier
Brickcom MD-100Ap versions 3.0.6.16C1 and earlier
Brickcom WFB-100Ap versions 3.0.6.16C1 and earlier
Brickcom OB-100Ae versions 3.0.6.16C1 and earlier
Brickcom OSD-040E versions 3.0.6.16C1 and earlier
Description
The issue allows remote attackers to obtain sensitive information, including user names, passwords, and configurations, by accessing the configfile.dump file via a get action. This is due to improper access restrictions.
Recommendations
For Brickcom FB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom WCB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom MD-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom WFB-100Ap version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom OB-100Ae version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
For Brickcom OSD-040E version 3.0.6.16C1 and earlier, update to a version later than 3.0.6.16C1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wfb-100Ap
Md-100Ap
Ob-100Ae
Osd-040E
Wcb-100Ap