CyberSec.Space Logo
Back to CVE Browser

CVE-2014-8329

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile9.94th
PublishedOct 20, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

Affected Platforms (CPE)

πŸ’»
Schrack

Technik Microcontrol Firmware

<= 1.7.0
πŸ”Œ
Schrack

Technik Microcontrol

All versions

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2014/Jul/40
πŸ”— https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt
πŸ”— http://seclists.org/fulldisclosure/2014/Jul/40
πŸ”— https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

Related Vulnerabilities

CVE-2014-53967.5

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" ...

CVE-2014-53824.3

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937)...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...