CVE-2019-3942
EUVD-2019-1354901.04.2020, 17:15
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| advantech | webaccess | 8.3.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.