漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability
Vulnerability Description
BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within /cgi-bin/tools_usermanage.asp. The issue results from transmitting a list of users and their credentials to be handled on the client side. An attacker can leverage this vulnerability to disclose transported credentials, leading to further compromise. Was ZDI-CAN-25895.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
BEC Routers 安全漏洞
Vulnerability Description
BEC Routers是美国BEC公司的一系列路由器。 BEC Routers存在安全漏洞,该漏洞源于/cgi-bin/tools_usermanage.asp传输用户凭据列表,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A