### [CVE-2018-10024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10024)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).

### POC

#### Reference
- https://www.tarlogic.com/advisories/Tarlogic-2018-002.txt

#### Github
No PoCs found on GitHub currently.