CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-15654

HIGH
7.5
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile20.09th
Published2020年3月19日
Last Modified2024年11月21日

Vulnerability Description

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.

Affected Platforms (CPE)

💻
Comba

Ac2400 Firmware

All versions

References & Advisories

🔗 https://www.comba-telecom.com/en/news
🔗 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164
🔗 https://www.comba-telecom.com/en/news
🔗 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164

相关漏洞威胁

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CVE-2019-725710.0

Linear eMerge E3-Series devices allow Unrestricted File Upload.

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...

CVE-2019-568410.0

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader ...