PT-2016-4434 · Eaton · Eaton Lighting Eg2 Web Control

Published

2016-04-06

Updated

2016-04-07

CVE-2016-0871

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Eaton Lighting EG2 Web Control versions 4.04P and earlier

Description The issue allows remote attackers to read the configuration file, which can lead to the discovery of credentials, by making a direct request.

Recommendations For versions 4.04P and earlier, update to a version later than 4.04P to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-0871

Affected Products

Eaton Lighting Eg2 Web Control

PT-2016-4434 · Eaton · Eaton Lighting Eg2 Web Control

CVE-2016-0871

Weakness Enumeration

Related Identifiers

Affected Products

References · 3