CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-8329

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile9.94th
Published2014年10月20日
Last Modified2026年5月6日

Vulnerability Description

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

Affected Platforms (CPE)

💻
Schrack

Technik Microcontrol Firmware

<= 1.7.0
🔌
Schrack

Technik Microcontrol

All versions

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Jul/40
🔗 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt
🔗 http://seclists.org/fulldisclosure/2014/Jul/40
🔗 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

相关漏洞威胁

CVE-2014-53967.5

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" ...

CVE-2014-53824.3

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937)...

CVE-2014-252310.0

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows re...

CVE-2014-130010.0

Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via...