CVE-2024-36081

Name of the Vulnerable Software and Affected Versions Westermo EDW-100 devices through 2024-05-03

Description The issue is related to the storage of a password in cleartext in a configuration file. An unauthenticated user can download this configuration file, potentially revealing the username and password for an arbitrary user account by sending a specially crafted GET request. This device is a serial-to-Ethernet converter and should not be placed at the edge of the network.

Recommendations For Westermo EDW-100 devices through 2024-05-03, consider restricting access to the configuration file until a patch is available. As a temporary workaround, limit the exposure of these devices by not placing them at the edge of the network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.