Lucene search

[email protected]CVE-2014-8329

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-8329

2022-10-0316:20:37

CWE-287

[email protected]

web.nvd.nist.gov

schrack technik

microcontrol

firmware

access control

sensitive information

remote attackers

nvd

cve-2014-8329

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

Affected configurations

NVD

Node

schracktechnik_microcontrol_firmwareRange≤1.7.0

AND

schracktechnik_microcontrolMatch-

CPENameOperatorVersion
schrack:technik_microcontrol_firmwareschrack technik microcontrol firmwarele1.7.0
schrack:technik_microcontrolschrack technik microcontroleq-

CPE	Name	Operator	Version
schrack:technik_microcontrol_firmware	schrack technik microcontrol firmware	le	1.7.0
schrack:technik_microcontrol	schrack technik microcontrol	eq	-

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2014-8329

prion1 cvelist1 nvd1