Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Netmodule_router_software | Netmodule | * | 4.3.0.113 (excluding) |
Netmodule_router_software | Netmodule | 4.4.0.0 (including) | 4.4.0.111 (excluding) |
Netmodule_router_software | Netmodule | 4.5.0.0 (including) | 4.5.0.105 (excluding) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: