Improper access control

2014-10-2015:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

CPENameOperatorVersion
technik_microcontrol_firmwarele1.7.0

CPE	Name	Operator	Version
	technik_microcontrol_firmware	le	1.7.0

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt