169 matches found

Tenable Nessus
added 2026/04/03 12:0 a.m. | 1 views

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access (cisco-sa-nd-cbid-5YqkOSHu)

According to its self-reported version, Cisco Nexus Dashboard is affected by a vulnerability. - A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive...

CVSS 6.5 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/02 4:56 p.m. | 3 views

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVSS 6.5 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 1

NVD
added 2026/04/01 5:28 p.m. | 1 views

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVSS 6.5 | EPSS 0.00035
Exploits: 0 | References: 1

CVE
added 2026/04/01 4:27 p.m. | 58 views

CVE-2026-20042

The CVE-2026-20042 issue affects Cisco Nexus Dashboard’s configuration backup feature. The root cause is that authentication details are stored in encrypted backup files, and an attacker with a valid backup file and the encryption password can decrypt the backup to retrieve sensitive information....

CVSS 6.5 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29550

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVSS 6.5 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/06 11:14 p.m. | 4 views

CVE-2020-37157

DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by...

CVSS 8.7 | AI score 5.4 | EPSS 0.00033
Exploits: 0 | References: 3

CVE
added 2026/02/06 11:14 p.m. | 11 views

CVE-2020-37146

CVE-2020-37146 affects ACE Security WiP-90113 HD Camera. A configuration disclosure vulnerability allows unauthenticated attackers to retrieve sensitive configuration files by sending a GET request to /config_backup.bin, exposing credentials and system settings. Exploitation context and impact ar...

CVSS 8.7 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/06 11:14 p.m. | 1 views

CVE-2020-37146 Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /configbackup.bin endpoint, exposing credentia...

CVSS 8.7 | AI score 5.5 | EPSS 0.00034
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/06 12:0 a.m. | 2 views

PT-2026-6820

Name of the Vulnerable Software and Affected Versions: ACE Security WiP-90113 HD Camera, affected versions not specified. Description: An unauthenticated attacker can retrieve sensitive configuration files from the camera. Accessing the camera’s configuration backup is possible by sending a GET reque...

CVSS 8.7 | AI score 5.5 | EPSS 0.00034
Exploits: 0 | References: 6

CNNVD
added 2026/02/02 12:0 a.m. | 4 views

TP-Link Archer BE230 security vulnerability

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from the command injection vulnerability in the configuration backup and recovery...

CVSS 8.5 | AI score 5.8 | EPSS 0.0094
Exploits: 0 | References: 5

NVD
added 2026/01/24 2:15 a.m. | 4 views

CVE-2026-24421

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5 | EPSS 0.00266
Exploits: 3 | References: 1

CVE
added 2026/01/24 1:43 a.m. | 20 views

CVE-2026-24421

Summary: CVE-2026-24421 affects phpMyFAQ before 4.0.17. Versions 4.0.16 and earlier have flawed authorization logic that exposes the /api/setup/backup endpoint to any authenticated user. The code uses userIsAuthenticated() without verifying configuration/admin permissions, allowing non-admin user...

CVSS 6.5 | AI score 5.6 | EPSS 0.00266
Exploits: 3 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/01/23 8:17 p.m. | 9 views

phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)

Summary: Authenticated non‑admin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. Details: SetupController.php uses userIsAuthenticated but does not verify that the requester has...

CVSS 6.5 | AI score 5.5 | EPSS 0.00266
Exploits: 3 | References: 3 | Affected Software: 2

Positive Technologies
added 2026/01/23 12:0 a.m. | 5 views

PT-2026-4551

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 4.0.14 through 4.0.16. Description: phpMyFAQ is a web-based FAQ application. A flaw in authorization logic exists in versions 4.0.14 and below, exposing the /api/setup/backup API endpoint to any authenticated user, regardless o...

CVSS 6.5 | AI score 5.9 | EPSS 0.00266
Exploits: 3 | References: 10

RedhatCVE
added 2026/01/09 12:36 p.m. | 9 views

CVE-2023-49256

It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key...

CVSS 7.5 | AI score 7 | EPSS 0.00082
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:58 a.m. | 2 views

CVE-2025-68719

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow,...

CVSS 8.8 | AI score 6.8 | EPSS 0.0006
Exploits: 1 | References: 1

OSV
added 2026/01/08 9:15 p.m. | 2 views

CVE-2025-68719

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow,...

CVSS 8.8 | AI score 5.8 | EPSS 0.0006
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/07 9:32 a.m. | 9 views

CVE-2019-16150

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-cod...

CVSS 5.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/31 6:39 p.m. | 1 views

CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...

CVSS 8.7 | AI score 6.8 | EPSS 0.0004
Exploits: 1 | References: 5

Cvelist
added 2025/12/31 6:39 p.m. | 22 views

CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...

CVSS 8.7 | EPSS 0.0004
Exploits: 1 | References: 5