32 matches found
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2025-67112
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
CVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...
CVE-2020-37157 DBPower C300 HD Camera - Remote Configuration Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...
CVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...
CVE-2020-37157
CVE-2020-37157 affects DBPower C300 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to download the unprotected /tmpfs/config_backup.bin and extract hardcoded credentials (username/password). Documented impact is credential exposure with high confidentiality i...
CVE-2020-37146
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /configbackup.bin endpoint, exposing credentia...
CVE-2020-37146 Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /configbackup.bin endpoint, exposing credentia...
CVE-2026-22227
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...
VulnCheck KEV: CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
FreeBSD : phpmyfaq -- multiple vulnerabilities (79c3c751-ee20-11f0-b17e-50ebf6bdf8e9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 79c3c751-ee20-11f0-b17e-50ebf6bdf8e9 advisory. phpMyFAQ team reports: Stored cross-site scripting XSS and unauthenticated config backup download...
CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
GHSA-9CG9-4H4F-J6FG phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files e.g., database.php with database credentials, leading to...
phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Summary An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files e.g., database.php with database credentials, leading to...
CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
CVE-2025-69200
Summary: phpMyFAQ
PT-2025-53730
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.16 Description An unauthenticated remote attacker can trigger the generation of a configuration backup ZIP file via the /api/setup/backup API endpoint. The generated ZIP file, accessible via the web, contains...
phpmyfaq -- multiple vulnerabilities
phpMyFAQ team reports: Stored cross-site scripting XSS and unauthenticated config backup download vulnerability...