Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Emerson Smart Wireless Gateway 1420 4.6.59 Missing Authentication

🗓️ 09 Mar 2021 00:00:00Reported by Harsha BhatType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 222 Views

Emerson Smart Wireless Gateway 1420 4.6.59 Missing Authentication Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Emerson Smart Wireless Gateway 1420 4.6.59 Missing Authentication Vulnerability
9 Mar 202100:00
zdt
Circl		CVE-2020-19419
7 May 202414:30
circl
CNNVD		Emerson Smart Wireless Gateway 访问控制错误漏洞
9 Mar 202100:00
cnnvd
CVE		CVE-2020-19419
10 Mar 202117:17
cve
Cvelist		CVE-2020-19419
10 Mar 202117:17
cvelist
EUVD		EUVD-2020-11323
7 Oct 202500:30
euvd
NVD		CVE-2020-19419
10 Mar 202118:15
nvd
OSV		CVE-2020-19419
10 Mar 202118:15
osv
Prion		Authentication flaw
10 Mar 202118:15
prion
Positive Technologies		PT-2021-10347 · Emerson · Emerson Smart Wireless Gateway 1420
10 Mar 202100:00
ptsecurity
Rows per page
`Title: Missing access controls  
Product: Emerson Smart Wireless Gateway  
Vendor Homepage: http://emerson.com  
Vulnerable Version: 1420 4.6.59  
CVE Number: CVE-2020-19419  
Authors: Harsha Bhat, Anish Mitra and Unmesh Guragol  
Timeline:  
2019-08-02 Disclosed to the vendor  
2019-08-22 Vendor confirmed that the vulnerability was identified  
internally and a fix was released in the latest version of firmware  
  
1. Vulnerability Description  
  
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59  
allows remote attackers to obtain sensitive information (device log files)  
on the administration console.  
  
2. PoC  
  
The PoC explained below is to obtain device logs without authentication.  
The following requests will retrieve device log files stored on the device.  
  
Access the following URL without authenticating into the administrator  
console:  
https://192.168.0.1/servlet/hartserver.txt  
  
  
3. Solution  
  
The vendor provides an updated version of firmware which should be  
installed immediately.  
  
CAUTION - This message may contain privileged and confidential information  
intended only for the use of the addressee  
named above. If you are not the intended recipient of this message you are  
hereby notified that any use, dissemination,  
distribution or reproduction of this message is prohibited. If you have  
received this message in error please notify  
The Missing Link immediately. Any views expressed in this message are those  
of the individual sender and may not  
necessarily reflect the views of The Missing Link.  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Mar 2021 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.01149
emerson smart wireless gatewaymissing access controlscve-2020-19419remote attackersdevice log filesfirmware updateconfidential information
222