PT-2020-17068 · Plum · Plum Ik-401

Published 2020-12-08 · Updated 2021-07-21 · CVE-2020-28946

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Plum IK-401 devices with firmware before 1.02

Description: The issue is related to an improper webserver configuration, allowing an attacker with network access to the device to obtain the configuration file, including hashed credential data, with a single unauthenticated GET request.

Recommendations: For Plum IK-401 devices with firmware before 1.02, update the firmware to version 1.02 or later to resolve the issue. As a temporary workaround, consider restricting network access to the device to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-28946

Affected Products

Plum Ik-401