CVE-2020-7227

EUVD-2020-28355
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
westermomrd-315_firmware
1.7.3
westermomrd-315_firmware
1.7.4
𝑥
= Vulnerable software versions
References
https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html
https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html