logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-21994

Description

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.


Affected Software


CPE Name Name Version
ave:dominaplus ave dominaplus 1.10.77
ave:53ab-wbs_firmware ave 53ab-wbs firmware 1.10.62
ave:ts01_firmware ave ts01 firmware 1.0.65
ave:ts03x-v_firmware ave ts03x-v firmware 1.10.45a
ave:ts04x-v_firmware ave ts04x-v firmware 1.10.45a
ave:ts05_firmware ave ts05 firmware 1.10.36
ave:ts05n-v_firmware ave ts05n-v firmware -

Related