CVE-2020-35755

Description:
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service daemon running on port 7777 provides a sub-category of commands that are prefixed with Read_. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.

CWE: CWE-601

CVSS score
CVSS 2: MEDIUM – 5.8 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)

Links:

NVD – CVE-2020-35755
CVE – CVE-2020-35755

Link (max. 20) | Source | Tags
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ | MISC | Exploit, Issue Tracking, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067 | MISC | Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028 | MISC | Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030 | MISC |
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 | MISC |

Source: NVD – CVE-2020-35755
Publication date: 2021-05-03T21:15Z, Last modified: 2021-05-04T10:21Z