Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.
References
Link | Resource |
---|---|
https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-18T18:42:03
Updated: 2020-01-18T18:42:03
Reserved: 2020-01-18T00:00:00
Link: CVE-2020-7227
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-18T19:15:11.167
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-7227
JSON object: View
Redhat Information
No data.
CWE