ID CVE-2019-9976
Summary The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
References
Vulnerable Configurations
  • cpe:2.3:o:dasannetworks:h660rm_firmware:1.03-0022
  • cpe:2.3:h:dasannetworks:h660rm
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-255
CAPEC
packetstorm via4
data source https://packetstormsecurity.com/files/download/152232/dasanh660rm-disclosebypass.txt
id PACKETSTORM:152232
last seen 2019-03-26
published 2019-03-26
reporter Krzysztof Burghardt
source https://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html
title DASAN H660RM Information Disclosure / Hardcoded Key
refmap via4
misc https://blog.burghardt.pl/2019/03/boa-webserver-on-dasan-h660rm-devices-with-firmware-1-03-0022-saves-post-data-including-credentials-to-tmp-boa-temp/
Last major update 11-04-2019 - 15:29
Published 11-04-2019 - 15:29
Last modified 12-04-2019 - 07:41