PT-2022-27446 · Dragino · Dragino Lora Lg01

Published: 2022-12-12 · Updated: 2022-12-13 · CVE-2022-45227

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dragino Lora LG01 18ed40 IoT version 4.3.4

Description

The web portal of the affected device exposes a directory listing at the URL "https://10.10.20.74/lib/". This directory contains a backup file that can be downloaded without any authentication, allowing unauthorized access to sensitive information.

Recommendations

For Dragino Lora LG01 18ed40 IoT version 4.3.4, restrict access to the "https://10.10.20.74/lib/" directory to prevent unauthorized downloads of the backup file. Consider implementing proper access controls and authentication mechanisms to protect sensitive data.

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: CVE-2022-45227

Affected Products: Dragino Lora Lg01