Unauthenticated Attacker Could Read device Information via HTTP HEAD Method
CVE-2024-11494
7.5HIGH
Summary
An improper authentication vulnerability exists in Zyxel's P-6101C ADSL modem, specifically in firmware version P-6101CSA6AP_20140331. This flaw enables an unauthenticated attacker to potentially access sensitive device information through crafted HTTP HEAD requests. Exploitation of this vulnerability could lead to unauthorized information disclosure, raising significant concerns for users relying on this product for network connectivity.
Affected Version(s)
P-6101C firmware P-6101CSA6AP_20140331
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved