PT-2020-6968 · Maipu · Maipu Mp1800X-50

Saket-Taneja · Published 2020-05-23 · Updated 2021-07-21 · CVE-2020-13896

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Maipu MP1800X-50 version 7.5.3.14(R)

Description

The issue is related to insufficient access control in the web interface of the Maipu MP1800X-50 device. This allows a remote attacker to obtain sensitive information. The affected URI is "form/formDeviceVerGet", which can disclose details such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime.

Recommendations

For version 7.5.3.14(R), consider restricting access to the "form/formDeviceVerGet" URI to minimize the risk of exploitation. Additionally, limit the disclosure of sensitive information through the web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
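
To check whether a restriction on "form/formDeviceVerGet" is holding, the following added example (not part of the original advisory and not vendor code) scans access-log lines for requests to that URI from sources outside a management network. It assumes a proxy in front of the device writes combined-format logs and that 10.20.0.0/24 is the management subnet; the sample lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "form/formdeviceverget"  # URI from the advisory, lower-cased
# Assumption: management subnet allowed to reach the device web interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: combined-format access log from a proxy in front of the device.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [23/May/2020:10:01:02 +0000] "GET /form/formDeviceVerGet HTTP/1.1" 200 412',
    '198.51.100.7 - - [23/May/2020:10:03:40 +0000] "GET /form/formDeviceVerGet HTTP/1.1" 200 412',
    '198.51.100.7 - - [23/May/2020:10:03:44 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [23/May/2020:10:07:11 +0000] "POST //form/%66ormDeviceVerGet?x=1 HTTP/1.1" 403 0',
]

def normalise(target):
    """Drop the query, undo single/double percent-encoding, tidy the path."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower().strip("/")

def targets_version_form(target):
    path = normalise(target)
    return path == SENSITIVE_PATH or path.endswith("/" + SENSITIVE_PATH)

def find_exposure(lines, allowed=MGMT_NETS):
    """Return (source, timestamp, status) for hits from outside `allowed`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not targets_version_form(m.group(3)):
            continue  # any HTTP method counts; the advisory names none
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname, not an address
        if not any(src in net for net in allowed):
            hits.append((str(src), m.group(2), int(m.group(4))))
    return hits

if __name__ == "__main__":
    for src, ts, status in find_exposure(SAMPLE_LOG):
        print(f"{ts} {src} requested the version form (HTTP {status})")
```

A hit with status 200 means the device details were returned to a source outside the management network; a 403 shows the restriction blocked the request.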

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-04461
CVE-2020-13896

Affected Products

Maipu Mp1800X-50