Lucene search

[email protected]CVE-2010-0214

HistoryJan 12, 2011 - 1:00 a.m.

CVE-2010-0214

2011-01-1201:00:01

CWE-200

[email protected]

web.nvd.nist.gov

polyvision

roomwizard

firmware

remote attackers

sensitive information

cve-2010-0214

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.

Affected configurations

NVD

Node

polyvisionroomwizard_firmwareMatch3.2.3

AND

polyvisionroomwizard

CPENameOperatorVersion
polyvision:roomwizard_firmwarepolyvision roomwizard firmwareeq3.2.3
polyvision:roomwizardpolyvision roomwizardeq*

CPE	Name	Operator	Version
polyvision:roomwizard_firmware	polyvision roomwizard firmware	eq	3.2.3
polyvision:roomwizard	polyvision roomwizard	eq	*

References

packetstormsecurity.org/files/view/97291/roomwizard-disclose.txt

seclists.org/fulldisclosure/2011/Jan/58

www.kb.cert.org/vuls/id/870601

www.securityfocus.com/bid/45699

www.vupen.com/english/advisories/2011/0059

exchange.xforce.ibmcloud.com/vulnerabilities/64543

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2010-0214

cvelist2 nvd2 cert1 packetstorm1 prion2 cve1