An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.