CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
polyvisionroomwizard_firmware
3.2.3
polyvisionroomwizard
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/files/view/97291/roomwizard-disclose.txt
http://seclists.org/fulldisclosure/2011/Jan/58
http://www.kb.cert.org/vuls/id/870601
http://www.securityfocus.com/bid/45699
http://www.vupen.com/english/advisories/2011/0059
https://exchange.xforce.ibmcloud.com/vulnerabilities/64543
http://packetstormsecurity.org/files/view/97291/roomwizard-disclose.txt
http://seclists.org/fulldisclosure/2011/Jan/58
http://www.kb.cert.org/vuls/id/870601
http://www.securityfocus.com/bid/45699
http://www.vupen.com/english/advisories/2011/0059
https://exchange.xforce.ibmcloud.com/vulnerabilities/64543