Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35750

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-03 May, 2024 | 01:58
Updated At-18 Sep, 2024 | 18:29
Rejected At-
Credits

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-20078.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:03 May, 2024 | 01:58
Updated At:18 Sep, 2024 | 18:29
Rejected At:
▼CVE Numbering Authority (CNA)
D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-20078.

Affected Products
Vendor
D-Link CorporationD-Link
Product
DAP-2622
Default Status
unknown
Versions
Affected
  • 1.00 dated 16-12-2020
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.07.4HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Version: 3.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
x_research-advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
vendor-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
Resource:
x_research-advisory
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
D-Link Corporationdlink
Product
dap_2622_firmware
CPEs
  • cpe:2.3:o:dlink:dap_2622_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.00 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
x_research-advisory
x_transferred
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
vendor-advisory
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
Resource:
x_research-advisory
x_transferred
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:03 May, 2024 | 02:15
Updated At:13 May, 2025 | 13:54

D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-20078.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.07.4HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CPE Matches
D-Link Corporation
dlink
>>dap-2622_firmware>>Versions before 1.10b03r022(exclusive)
cpe:2.3:o:dlink:dap-2622_firmware:*:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dap-2622>>-
cpe:2.3:h:dlink:dap-2622:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondaryzdi-disclosures@trendmicro.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: zdi-disclosures@trendmicro.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349zdi-disclosures@trendmicro.com
Vendor Advisory
Patch
https://www.zerodayinitiative.com/advisories/ZDI-23-1255/zdi-disclosures@trendmicro.com
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Patch
https://www.zerodayinitiative.com/advisories/ZDI-23-1255/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Hyperlink: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10349
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-23-1255/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2023-40058
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 49.87%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 16:14
Updated-27 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure Vulnerability

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36908
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.71%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-09 Jul, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Information Disclosure Vulnerability

Windows Hyper-V Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_11_22h2windows_server_2019windows_10_1607Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows Server 2022Windows 10 Version 1507Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019Windows 10 Version 22H2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows Server 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:34
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.02%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 20:59
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwaregs810emxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32051
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 05:45
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information.

Action-Not Available
Vendor-RoamWiFi Technology Co., Ltd.roamwifi
Product-RoamWiFi R10r10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-16264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.61%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:42
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-27403
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 17:18
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure. Also, some TV models and/or FW versions may expose the webserver with the entire filesystem accessible on another port. For example, nmap scan for all ports run directly from the TV model U43P6046 (Android 8.0) showed port 7983 not mentioned in the original CVE description, but containing the same directory listing of the entire filesystem. This webserver is bound (at least) to localhost interface and accessible freely to all unprivileged installed apps on the Android such as a regular web browser. Any app can therefore read any files of any other apps including Android system settings including sensitive data such as saved passwords, private keys etc.

Action-Not Available
Vendor-n/aTCL
Product-40s330_firmware43s434_firmware40s33043s43465s43450s434_firmware50s43465s434_firmware75s434_firmware55s43432s33075s43455s434_firmware32s330_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-1430
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.63%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 00:31
Updated-25 Aug, 2024 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear R7000 Web Management Interface currentsetting.htm information disclosure

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000_firmwarer7000R7000r7000_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-16.07% / 94.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.

Action-Not Available
Vendor-commscopen/aCisco Systems, Inc.
Product-dpc3939_firmwarearris_tg1682gdpc3939arris_tg1682g_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.99%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarer8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.41% / 60.53%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:10
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer7100lgr7900wndr3400r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwarewndr4500r7300dstr6300_firmwared8500_firmwarer7000p_firmwarer8500d8500wndr3400_firmwarer6700r8300_firmwarer7000wndr4500_firmwarer6900r7000pdgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:34
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarer6700wndr4500_firmwared7800r6900r9000r7500wndr4300_firmwarer7500_firmwarer6900_firmwarer7800wndr4500wndr4300r7800_firmwarer6700_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0553
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible to retrieve uncrypted firmware image

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-46437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.49%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 00:00
Updated-25 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w18e_firmwarew18en/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20869
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.83%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20871
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.81%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 03:05
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.

Action-Not Available
Vendor-konicaminoltaKONICA MINOLTA, INC.
Product-bizhub_c759_firmwarebizhub_c754ebizhub_c3351_firmwarebizhub_300i_firmwarebizhub_c257i_firmwarebizhub_654bizhub_c3851bizhub_958bizhub_c287i_firmwarebizhub_558e_firmwarebizhub_308bizhub_c658bizhub_284ebizhub_c364ebizhub_360ibizhub_c750ibizhub_754ebizhub_808_firmwarebizhub_458bizhub_c454_firmwarebizhub_c300i_firmwarebizhub_c558bizhub_c364_firmwarebizhub_754bizhub_c554_firmwarebizhub_368_firmwarebizhub_4700i_firmwarebizhub_454e_firmwarebizhub_558_firmwarebizhub_284e_firmwarebizhub_458e_firmwarebizhub_c3350i_firmwarebizhub_c554bizhub_650ibizhub_c3851fs_firmwarebizhub_c650ibizhub_c300ibizhub_c754_firmwarebizhub_246i_firmwarebizhub_368ebizhub_558bizhub_654e_firmwarebizhub_306ibizhub_306i_firmwarebizhub_c3851_firmwarebizhub_4750ibizhub_654ebizhub_c227ibizhub_c3300ibizhub_808bizhub_c4000i_firmwarebizhub_266i_firmwarebizhub_c4050ibizhub_550i_firmwarebizhub_287_firmwarebizhub_558ebizhub_c3350ibizhub_650i_firmwarebizhub_4052bizhub_c554ebizhub_226i_firmwarebizhub_c284_firmwarebizhub_4750i_firmwarebizhub_754e_firmwarebizhub_458_firmwarebizhub_4700ibizhub_450i_firmwarebizhub_c654ebizhub_266ibizhub_c368bizhub_360i_firmwarebizhub_c308bizhub_c287ibizhub_c360ibizhub_300ibizhub_c754bizhub_c3300i_firmwarebizhub_246ibizhub_c224_firmwarebizhub_c3351bizhub_308e_firmwarebizhub_c257ibizhub_c284ebizhub_550ibizhub_c284e_firmwarebizhub_c224e_firmwarebizhub_c759bizhub_c659bizhub_c450i_firmwarebizhub_c287bizhub_c658_firmwarebizhub_c308_firmwarebizhub_c227_firmwarebizhub_c754e_firmwarebizhub_c659_firmwarebizhub_c454ebizhub_c450ibizhub_c284bizhub_654_firmwarebizhub_c3320i_firmwarebizhub_287bizhub_368bizhub_750i_firmwarebizhub_750ibizhub_4050i_firmwarebizhub_308_firmwarebizhub_4752bizhub_c654bizhub_c458bizhub_c558_firmwarebizhub_758bizhub_c4050i_firmwarebizhub_4752_firmwarebizhub_c550ibizhub_c750i_firmwarebizhub_c3851fsbizhub_c227i_firmwarebizhub_c364e_firmwarebizhub_958_firmwarebizhub_227_firmwarebizhub_c224bizhub_c258bizhub_c554e_firmwarebizhub_c250i_firmwarebizhub_450ibizhub_c650i_firmwarebizhub_c550i_firmwarebizhub_658ebizhub_c458_firmwarebizhub_4052_firmwarebizhub_c368_firmwarebizhub_454ebizhub_c360i_firmwarebizhub_368e_firmwarebizhub_c224ebizhub_c454bizhub_4050ibizhub_226ibizhub_554ebizhub_c364bizhub_c250ibizhub_364e_firmwarebizhub_224ebizhub_c4000ibizhub_458ebizhub_554e_firmwarebizhub_758_firmwarebizhub_c3320ibizhub_364ebizhub_c287_firmwarebizhub_224e_firmwarebizhub_754_firmwarebizhub_c654e_firmwarebizhub_c258_firmwarebizhub_c454e_firmwarebizhub_227bizhub_c654_firmwarebizhub_c227bizhub_658e_firmwarebizhub_308ebizhub series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found