Information Disclosure Vulnerability in Ruijie NBR3000D-E Gateway
CVE-2024-48783

7.5HIGH

Key Information:

Vendor: Ruijie
Status: Nbr3000d-e Firmware
Vendor: CVE Published:; 15 October 2024

Summary

An information disclosure issue has been identified in the Ruijie NBR3000D-E Gateway, allowing remote attackers to gain unauthorized access to sensitive information. This vulnerability is present in the /tool/shell/postgresql.conf component, which may expose critical configuration files to unauthorized users, increasing the risk of sensitive data leakage. Network administrators are advised to apply necessary security patches and review their configurations to mitigate potential risks associated with this vulnerability.

References

https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a3...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024