mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 08:34:03 +02:00
marc
855 B
855 B
CVE-2021-40858
Description
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
POC
Reference
- http://packetstormsecurity.com/files/165166/Auerswald-COMpact-8.0B-Arbitrary-File-Disclosure.html
- https://www.redteam-pentesting.de/advisories/rt-sa-2021-006
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses