The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
[
{
"defaultStatus": "unknown",
"product": "CemiPark",
"vendor": "CEMI Tomasz Pawełek",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.7"
},
{
"status": "affected",
"version": "5.03"
}
]
}
]