CVE-2019-20074
HIGH WAF: Low
CVSS 8.8
Published: 2019-12-30
CWE-269
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netis-systems | dl4343_firmware | - |
References
- drive.google.com (Third Party Advisory)
- fatihhcelik.blogspot.com (Third Party Advisory)