PT-2020-12046 · Technicolor · Technicolor Tc7337
Published 2020-03-11 · Updated 2020-03-17 · CVE-2020-10376
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Technicolor TC7337NET version 08.89.17.23.03
Description
The issue allows remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. This can be done by intercepting the Authorization header in HTTP requests, which contains the username and password in plain text.
Recommendations
For Technicolor TC7337NET version 08.89.17.23.03, consider disabling the use of Basic HTTP authentication until a patch is available. Restrict access to sensitive areas of the network to minimize the risk of exploitation. Avoid using the Authorization: Basic header in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Technicolor Tc7337
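
The exposure in the Description can be audited on a network you administer by checking captured management traffic for Basic credentials sent without TLS. The following is an added example, not part of the advisory or of any vendor tooling; the function names, the sample requests, the 192.0.2.1 address and the credentials are all constructed for illustration. It shows that a Basic token is only Base64-encoded, and it reports the username and password length rather than the password itself.

```python
import base64
import binascii
from typing import List, Optional, Tuple

# Constructed sample requests (made-up credentials, documentation address).
_TOKEN = base64.b64encode(b"admin:example-pw").decode()
SAMPLE_REQUESTS = [
    "GET /status.html HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Authorization: Basic " + _TOKEN + "\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]


def audit_request(raw: str, tls: bool) -> Optional[dict]:
    """Return a finding if the request carries Basic credentials, else None.

    `tls` says whether the request was seen inside a TLS session; without
    TLS the header is readable by anyone on the network path.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            # Base64 is an encoding, not encryption: decoding needs no key.
            raw_creds = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return {"user": None, "password_len": 0, "exposed": not tls}
        user, _, password = raw_creds.decode("utf-8", "replace").partition(":")
        # Report only the username and password length, never the password.
        return {"user": user, "password_len": len(password), "exposed": not tls}
    return None


def audit_capture(requests: List[Tuple[str, bool]]) -> List[dict]:
    """Audit (raw_request, tls) pairs and return the findings that are exposed."""
    findings = [audit_request(raw, tls) for raw, tls in requests]
    return [f for f in findings if f and f["exposed"]]


if __name__ == "__main__":
    for finding in audit_capture([(r, False) for r in SAMPLE_REQUESTS]):
        print(finding)
```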