MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.
References
Link | Resource |
---|---|
https://www.vulnerability-lab.com/get_content.php?id=2211 | Exploit Third Party Advisory |
https://cwe.mitre.org/data/definitions/522.html | Technical Description |
Configurations
Information
Published : 2021-10-22 13:15
Updated : 2022-11-04 19:05
NVD link : CVE-2020-23036
Mitre link : CVE-2020-23036
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
medianavi
- smacom