CVE Vulnerabilities

CVE-2023-41027

Self-generated Error Message Containing Sensitive Information

Published: Sep 22, 2023 | Modified: Nov 21, 2024
CVSS 3.x: 8.8 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Credential disclosure in the /webs/userpasswd.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

Weakness

The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

Affected Software

Name               Vendor   Start Version       End Version
Rx4-1500_firmware  Juplink  1.0.4 (including)   1.0.4 (including)
Rx4-1500_firmware  Juplink  1.0.5 (including)   1.0.5 (including)
