CVE-2020-7227

Name of the Vulnerable Software and Affected Versions Westermo MRD-315 versions 1.7.3 through 1.7.4

Description The issue allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects several API endpoints, including "ifaces-diag.asp", "system.asp", "backup.asp", "sys-power.asp", "ifaces-wls.asp", "ifaces-wls-pkt.asp", and "ifaces-wls-pkt-adv.asp".

Recommendations For versions 1.7.3 and 1.7.4, consider restricting access to the affected API endpoints until a patch is available. As a temporary workaround, avoid making requests that lack mandatory parameters to the affected endpoints. Restrict access to the web application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.