1.7.4

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

westermo

NVD

Published: 2020-01-18

Updated: 2021-07-21

Summary

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.

Vulnerable Configurations

Part	Description	Count
OS	Westermo Westermo MRD 315 Firmware 1.7.3 Westermo MRD 315 Firmware 1.7.4	2
Hardware	Westermo Westermo MRD 315 -	1

References

https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html