CVE-2025-48046 MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...

CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...

PT-2025-23149 · Mici Network Co. · Netfax Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated HTTP GET request to the "/client.php" endpoint will disclose the default administrator user credentials. Recommendations: At the moment, there is no information about a...

PT-2025-23150 · Mici Network Co. · Netfax Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the "/config.php" endpoint. Recommendations: At the moment, there is no...