Common Weakness Enumeration

CWE-260

Allowed

Password in Configuration File

Abstraction: Base · Status: Incomplete

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

42 vulnerabilities reference this CWE, most recent first.

CVE-2024-45673 (GCVE-0-2024-45673)

Vulnerability from cvelistv5 – Published: 2025-02-21 16:45 – Updated: 2025-08-27 21:33
VLAI
Title
IBM Security Verify Bridge information disclosure
Summary
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7183801 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Security Verify Bridge Directory Sync Affected: 1.0.1 , ≤ 1.0.12 (semver)
    cpe:2.3:a:ibm:security_verify_bridge:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_bridge:1.0.12:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-21T17:11:29.725426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:33:04.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_verify_bridge:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_bridge:1.0.12:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Security Verify Bridge Directory Sync",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.0.12",
              "status": "affected",
              "version": "1.0.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user."
            }
          ],
          "value": "IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260 Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-15T14:25:18.235Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7183801"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Security Verify Bridge information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-45673",
    "datePublished": "2025-02-21T16:45:51.122Z",
    "dateReserved": "2024-09-03T13:50:43.964Z",
    "dateUpdated": "2025-08-27T21:33:04.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-53770 (GCVE-0-2023-53770)

Vulnerability from cvelistv5 – Published: 2025-12-09 20:53 – Updated: 2026-04-07 14:06
VLAI
Title
MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint
Summary
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
Impacted products
Date Public
2023-03-27 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53770",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-10T16:47:18.299819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-10T16:47:23.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MiniDVBLinux(TM) Distribution (MLD)",
          "vendor": "MiniDVBLinux",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=5.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2023-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with \u0027action=getconfig\u0027 to retrieve a complete system configuration archive containing sensitive credentials.\u003c/p\u003e"
            }
          ],
          "value": "MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with \u0027action=getconfig\u0027 to retrieve a complete system configuration archive containing sensitive credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260: Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:06:48.831Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51091",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51091"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.minidvblinux.de"
        },
        {
          "name": "Zero Science Lab Disclosure (ZSL-2022-5713)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5713.php"
        },
        {
          "name": "VulnCheck Advisory: MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/minidvblinux-unauthenticated-configuration-download-via-backup-endpoint"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-53770",
    "datePublished": "2025-12-09T20:53:43.359Z",
    "dateReserved": "2025-12-08T15:40:56.295Z",
    "dateUpdated": "2026-04-07T14:06:48.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53739 (GCVE-0-2023-53739)

Vulnerability from cvelistv5 – Published: 2025-12-09 20:49 – Updated: 2026-04-07 14:06
VLAI
Title
Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Summary
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
Impacted products
Vendor Product Version
Tinycontrol Tinycontrol LAN Controller v Affected: <=1.58a
Affected: HW 3.8
Create a notification for this product.
Tinycontrol LK Affected: <=1.58a
Affected: HW 3.8
Create a notification for this product.
Date Public
2023-10-09 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53739",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T21:05:44.794176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T21:06:05.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Tinycontrol LAN Controller v",
          "vendor": "Tinycontrol",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=1.58a"
            },
            {
              "status": "affected",
              "version": "HW 3.8"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LK",
          "vendor": "Tinycontrol",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=1.58a"
            },
            {
              "status": "affected",
              "version": "HW 3.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2023-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.\u003c/p\u003e"
            }
          ],
          "value": "Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260: Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:06:46.394Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51731",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51731"
        },
        {
          "name": "Tinycontrol Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.tinycontrol.pl"
        },
        {
          "name": "Zero Science Lab Advisory ID",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php"
        },
        {
          "name": "VulnCheck Advisory: Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/tinycontrol-lan-controller-v3-lk3-unauthenticated-configuration-backup-disclosure"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-53739",
    "datePublished": "2025-12-09T20:49:46.553Z",
    "dateReserved": "2025-12-07T13:16:38.431Z",
    "dateUpdated": "2026-04-07T14:06:46.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-34128 (GCVE-0-2023-34128)

Vulnerability from cvelistv5 – Published: 2023-07-13 00:58 – Updated: 2024-10-31 17:55
VLAI
Summary
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
Impacted products
Vendor Product Version
SonicWall GMS Affected: 9.3.2-SP1 and earlier versions
Create a notification for this product.
SonicWall Analytics Affected: 2.5.0.4-R7 and earlier versions
Create a notification for this product.
Date Public
2023-07-13 00:58
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:01:54.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://www.sonicwall.com/support/notices/230710150218060"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T17:55:38.893138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T17:55:48.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GMS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.2-SP1 and earlier versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Analytics",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0.4-R7 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2023-07-13T00:58:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
            }
          ],
          "value": "Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260 Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T00:58:35.946Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.sonicwall.com/support/notices/230710150218060"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2023-34128",
    "datePublished": "2023-07-13T00:58:35.946Z",
    "dateReserved": "2023-05-25T22:45:46.851Z",
    "dateUpdated": "2024-10-31T17:55:48.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2790 (GCVE-0-2023-2790)

Vulnerability from cvelistv5 – Published: 2023-05-18 12:31 – Updated: 2024-08-02 06:33
VLAI
Title
TOTOLINK N200RE Telnet Service custom.conf password in configuration file
Summary
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-260 - Password in Configuration File
Assigner
References
URL Tags
https://vuldb.com/?id.229374 vdb-entrytechnical-description
https://vuldb.com/?ctiid.229374 signaturepermissions-required
https://drive.google.com/file/d/1RITXRvKele5aW42Y… exploit
Impacted products
Vendor Product Version
TOTOLINK N200RE Affected: 9.3.5u.6255_B20211224
Create a notification for this product.
Credits
lin7lic (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:05.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.229374"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.229374"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Telnet Service"
          ],
          "product": "N200RE",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.5u.6255_B20211224"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "lin7lic (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in TOTOLINK N200RE 9.3.5u.6255_B20211224 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /squashfs-root/etc_ro/custom.conf der Komponente Telnet Service. Mit der Manipulation mit unbekannten Daten kann eine password in configuration file-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.4,
            "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260 Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T06:41:40.586Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.229374"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.229374"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1RITXRvKele5aW42YFk0JeQHCq2B63lUj/view?usp=share_link"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-05-18T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-05-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-06-10T18:16:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK N200RE Telnet Service custom.conf password in configuration file"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-2790",
    "datePublished": "2023-05-18T12:31:04.424Z",
    "dateReserved": "2023-05-18T12:08:59.033Z",
    "dateUpdated": "2024-08-02T06:33:05.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-35033 (GCVE-0-2021-35033)

Vulnerability from cvelistv5 – Published: 2021-11-23 21:20 – Updated: 2024-08-04 00:33
VLAI
Summary
A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user.
CWE
  • CWE-260 - Password in Configuration File
Assigner
References
Impacted products
Vendor Product Version
Zyxel NBG6818 series firmware Affected: 1.00(ABSC.0)C0 through 1.00(ABSC.4)C0
Create a notification for this product.
Zyxel NBG7815 series firmware Affected: 1.00(ABSK.0)C0 through 1.00(ABSK.6)C0
Create a notification for this product.
Zyxel WSQ20 series firmware Affected: 1.00(ABOF.0)C0 through 1.00(ABOF.10)C0
Create a notification for this product.
Zyxel WSQ50 series firmware Affected: 1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0
Create a notification for this product.
Zyxel WSQ60 series firmware Affected: 1.00(ABND.0)C0 through 2.20(ABND.7)C0
Create a notification for this product.
Zyxel WSR30 series firmware Affected: 1.00(ABMY.0)C0 through 1.00(ABMY.11)C0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:49.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NBG6818 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"
            }
          ]
        },
        {
          "product": "NBG7815 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABSK.0)C0 through 1.00(ABSK.6)C0"
            }
          ]
        },
        {
          "product": "WSQ20 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABOF.0)C0 through 1.00(ABOF.10)C0"
            }
          ]
        },
        {
          "product": "WSQ50 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0"
            }
          ]
        },
        {
          "product": "WSQ60 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABND.0)C0 through 2.20(ABND.7)C0"
            }
          ]
        },
        {
          "product": "WSR30 series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(ABMY.0)C0 through 1.00(ABMY.11)C0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260: Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-28T19:06:14.000Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2022-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@zyxel.com.tw",
          "ID": "CVE-2021-35033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NBG6818 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "NBG7815 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABSK.0)C0 through 1.00(ABSK.6)C0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WSQ20 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABOF.0)C0 through 1.00(ABOF.10)C0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WSQ50 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WSQ60 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABND.0)C0 through 2.20(ABND.7)C0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WSR30 series firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(ABMY.0)C0 through 1.00(ABMY.11)C0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Zyxel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.8",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-260: Password in Configuration File"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml",
              "refsource": "CONFIRM",
              "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2022-06",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2022-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2021-35033",
    "datePublished": "2021-11-23T21:20:38.000Z",
    "dateReserved": "2021-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:33:49.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5721 (GCVE-0-2020-5721)

Vulnerability from cvelistv5 – Published: 2020-04-15 20:50 – Updated: 2024-08-04 08:39
VLAI
Summary
MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a MikroTik WinBox Affected: 3.22 and below
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2020-23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MikroTik WinBox",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.22 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MikroTik WinBox 3.22 and below stores the user\u0027s cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T20:50:45.000Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2020-23"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2020-5721",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MikroTik WinBox",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.22 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MikroTik WinBox 3.22 and below stores the user\u0027s cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-260"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2020-23",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2020-23"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2020-5721",
    "datePublished": "2020-04-15T20:50:45.000Z",
    "dateReserved": "2020-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:39:25.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25465 (GCVE-0-2019-25465)

Vulnerability from cvelistv5 – Published: 2026-03-11 18:23 – Updated: 2026-04-07 14:04
VLAI
Title
Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal
Summary
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
References
Impacted products
Vendor Product Version
Hisilicon HiIpcam Affected: V100R003
Create a notification for this product.
Date Public
2019-09-23 00:00
Credits
Todor Donev
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25465",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T18:45:15.563492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T19:31:03.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HiIpcam",
          "vendor": "Hisilicon",
          "versions": [
            {
              "status": "affected",
              "version": "V100R003"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Todor Donev"
        }
      ],
      "datePublic": "2019-09-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.\u003c/p\u003e"
            }
          ],
          "value": "Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260 Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T14:04:24.697Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-47405",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/47405"
        },
        {
          "name": "VulnCheck Advisory: Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/hisilicon-hiipcam-v100r003-information-disclosure-via-directory-traversal"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25465",
    "datePublished": "2026-03-11T18:23:09.998Z",
    "dateReserved": "2026-02-22T14:03:56.966Z",
    "dateUpdated": "2026-04-07T14:04:24.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-3780 (GCVE-0-2019-3780)

Vulnerability from cvelistv5 – Published: 2019-03-08 16:00 – Updated: 2024-09-16 22:45
VLAI
Title
Cloud Foundry Container Runtime Leaks IAAS Credentials
Summary
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.
CWE
  • CWE-260 - Password in Configuration File
Assigner
References
Impacted products
Date Public
2019-02-14 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudfoundry.org/blog/cve-2019-3780"
          },
          {
            "name": "107434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107434"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud Foundry Container Runtime (CFCR)",
          "vendor": "Cloud Foundry",
          "versions": [
            {
              "lessThan": "v0.28.0",
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-02-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260: Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-18T07:06:06.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudfoundry.org/blog/cve-2019-3780"
        },
        {
          "name": "107434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107434"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cloud Foundry Container Runtime Leaks IAAS Credentials",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2019-02-14T19:48:25.155Z",
          "ID": "CVE-2019-3780",
          "STATE": "PUBLIC",
          "TITLE": "Cloud Foundry Container Runtime Leaks IAAS Credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud Foundry Container Runtime (CFCR)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "All",
                            "version_value": "v0.28.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cloud Foundry"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-260: Password in Configuration File"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/blog/cve-2019-3780",
              "refsource": "CONFIRM",
              "url": "https://www.cloudfoundry.org/blog/cve-2019-3780"
            },
            {
              "name": "107434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107434"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3780",
    "datePublished": "2019-03-08T16:00:00.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:45:16.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7925 (GCVE-0-2017-7925)

Vulnerability from cvelistv5 – Published: 2017-05-06 00:00 – Updated: 2024-08-05 16:19
VLAI
Summary
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras Affected: Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras
Date Public
2017-05-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"
          },
          {
            "name": "98312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98312"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-08T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"
        },
        {
          "name": "98312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98312"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-260"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"
            },
            {
              "name": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php",
              "refsource": "MISC",
              "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"
            },
            {
              "name": "98312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98312"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-7925",
    "datePublished": "2017-05-06T00:00:00.000Z",
    "dateReserved": "2017-04-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:19:29.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Avoid storing passwords in easily accessible locations.

Mitigation
Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

No CAPEC attack patterns related to this CWE.