AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/47819 | Exploit Third Party Advisory VDB Entry |
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php | Exploit Third Party Advisory |
https://cwe.mitre.org/data/definitions/522.html | Technical Description |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Information
Published : 2021-04-28 08:15
Updated : 2022-10-26 08:15
NVD link : CVE-2020-21994
Mitre link : CVE-2020-21994
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
ave
- ts05n-v_firmware
- ts01_firmware
- ts05_firmware
- ts04x-v_firmware
- ts04x-v
- ts01
- ts03x-v
- ts03x-v_firmware
- ts05
- 53ab-wbs_firmware
- ts05n-v
- dominaplus
- 53ab-wbs