Sensitive Information Exposure in Netis DL4323 Devices
CVE-2019-20074

8.8HIGH

Key Information:

Vendor: Netis-systems
Status: Dl4343 Firmware
Vendor: CVE Published:; 30 December 2019

🔔 Create Netis-systems Vulnerability Alert

What is CVE-2019-20074?

Netis DL4323 devices exhibit a vulnerability that allows any user role to access sensitive information through the form2saveConf.cgi page. This includes critical details such as user passwords and FTP passwords, potentially compromising user accounts and overall security. Given the ease of access to this information, affected users should implement immediate security measures and update their devices to mitigate the risks associated with this vulnerability.

References

https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo...

x_refsource_MISC

https://fatihhcelik.blogspot.com/2019/12/clear-text-passw...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2019
Vulnerability Reserved
Dec 29, 2019