CVE-2020-35755

Name of the Vulnerable Software and Affected Versions: Libre Wireless LS9 LS1.5/p7040 devices (affected versions not specified)

Description: An issue was discovered that allows direct access to the device configuration NVRAM, which contains sensitive information such as the Wi-Fi password in cleartext and connected account tokens for services like Spotify. The luci service daemon running on port 7777 provides a sub-category of commands for which Read is prepended, enabling direct reading of the NVRAM contents.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.