Lucene search

[email protected]NVD:CVE-2014-8329

HistoryOct 20, 2014 - 3:55 p.m.

CVE-2014-8329

2014-10-2015:55:05

CWE-287

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

Affected configurations

NVD

Node

schracktechnik_microcontrol_firmwareRange≤1.7.0

AND

schracktechnik_microcontrolMatch-

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for NVD:CVE-2014-8329

cvelist1 prion1 cve1