CVE-2019-20074

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
netis-systemsdl4343_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se
https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html
https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se
https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html