Authentication flaw

2019-08-2901:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

CPENameOperatorVersion
vd_1_firmwarele230
gv-vd8700_firmwarele1.01
gv-vr360_firmwarele1.10

Name	Operator	Version
vd_1_firmware	le	230
gv-vd8700_firmware	le	1.01
gv-vr360_firmware	le	1.10

References

surl.twcert.org.tw/gCDQN

gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b

tvn.twcert.org.tw/taiwanvn/TVN-201906005