CyberSec.Space Logo
Back to CVE Browser

CVE-2019-15654

HIGH
7.5
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile20.09th
PublishedMar 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

Affected Platforms (CPE)

πŸ’»
Comba

Ac2400 Firmware

All versions

References & Advisories

πŸ”— https://www.comba-telecom.com/en/news
πŸ”— https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164
πŸ”— https://www.comba-telecom.com/en/news
πŸ”— https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164

Related Vulnerabilities

CVE-2019-1095910.0

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does...

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.