CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9976

HIGH
8.8
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile10.67th
PublishedApr 11, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.

Affected Platforms (CPE)

💻
Dasannetworks

H660rm Firmware

= 1.03-0022

References & Advisories

🔗 https://blog.burghardt.pl/2019/03/boa-webserver-on-dasan-h660rm-devices-with-firmware-1-03-0022-saves-post-data-including-credentials-to-tmp-boa-temp/
🔗 https://blog.burghardt.pl/2019/03/boa-webserver-on-dasan-h660rm-devices-with-firmware-1-03-0022-saves-post-data-including-credentials-to-tmp-boa-temp/

Related Vulnerabilities

CVE-2019-99749.1

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to...

CVE-2019-99757.5

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...