An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM position.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pr100088_modbus_gateway_firmware | Kunbus | * | 1.1.13166 (excluding) |