CVE-2020-7227 - Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an

CVE-2020-7227

Summary

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.

References

https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

18-01-2020 - 19:15

Published

18-01-2020 - 19:15

Last modified

18-01-2020 - 23:08