RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.
Weakness
The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.
Potential Mitigations
References
- https://cxsecurity.com/issue/WLB-2020110130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/191803
- https://packetstormsecurity.com/files/160073
- https://www.red-v.tv/
- https://www.vulncheck.com/advisories/red-v-super-digital-signage-system-log-information-disclosure-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php