CVE-2020-25011

Name of the Vulnerable Software and Affected Versions Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers version R0002.P05

Description A sensitive information disclosure issue allows remote attackers to obtain username and password by requesting the "/cgi-bin/webadminget.cgi" API endpoint via a browser.

Recommendations For version R0002.P05, consider restricting access to the "/cgi-bin/webadminget.cgi" API endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.