PT-2024-13732 · Newland · Newland Nquire 1000 Interactive Kiosk
N0Obit4
·
Published
2024-03-08
·
Updated
2024-08-26
·
CVE-2023-49341
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Newland Nquire 1000 Interactive Kiosk version NQ1000-II G V1.00.011
Description
An issue was discovered in the Newland Nquire 1000 Interactive Kiosk, allowing remote attackers to obtain sensitive information via cleartext credential storage in the backup.htm component.
Recommendations
For version NQ1000-II G V1.00.011, consider restricting access to the backup.htm component to minimize the risk of exploitation. As a temporary workaround, avoid using the backup.htm component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newland Nquire 1000 Interactive Kiosk