An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
Weakness
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hirschmann_rs20-0900mmm2tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-0900nnm4tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-0900vvm2tdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2l2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2s2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600l2t1sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600m2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600m2t1sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2m2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2s2sdau | Belden | - (including) | - (including) |
| Hirschmann_rs20-1600s2t1sdau | Belden | - (including) | - (including) |