CVE-2020-25746

Name of the Vulnerable Software and Affected Versions QED ResourceXpress Qubi3 versions prior to 1.40.9

Description The issue allows a local attacker with physical access to the device to obtain sensitive information via the debug interface. This is done by capturing keystrokes over a USB cable, which can lead to the exposure of the wireless password.

Recommendations For versions prior to 1.40.9, update to version 1.40.9 or later to resolve the issue. As a temporary workaround, consider disabling the debug interface to prevent exploitation. Restrict physical access to the device to minimize the risk of sensitive information being obtained.