CVE-2019-15654
CVE-2019-15654 affects Comba AC2400 devices. A crafted unauthenticated request to the web API endpoint "/09/business/upgrade/upcfgAction.php?download=true" can disclose the DBconfig.cfg, with the login information stored in cleartext at the end of the file. This is triggered by the web management...