AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/522.html | Technical Description |
https://www.exploit-db.com/exploits/47819 | Exploit Third Party Advisory VDB Entry |
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
26 Oct 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cwe.mitre.org/data/definitions/522.html - Technical Description |
10 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2021, 19:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 | |
CPE | cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:* cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:* cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:* cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:* cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:* cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:* cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:* cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:* cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:* cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:* cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:* cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:* |
|
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/47819 - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Information
Published : 2021-04-28 15:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-21994
Mitre link : CVE-2020-21994
CVE.ORG link : CVE-2020-21994
JSON object : View
Products Affected
ave
- ts01_firmware
- ts03x-v_firmware
- dominaplus
- ts05n-v
- ts05n-v_firmware
- ts05_firmware
- ts01
- ts04x-v_firmware
- ts04x-v
- ts05
- 53ab-wbs_firmware
- 53ab-wbs
- ts03x-v
CWE
CWE-522
Insufficiently Protected Credentials