Vulnerabilities > CVE-2023-22389 - Unprotected Storage of Credentials vulnerability in Snapav Wattbox Wb-300-Ip-3 Firmware Wb10.9A17

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

snapav

CWE-256

NVD

Published: 2023-01-30

Updated: 2023-11-07

Summary

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.

Vulnerable Configurations

Part	Description	Count
OS	Snapav Snapav Wattbox WB 300 IP 3 Firmware - Snapav Wattbox WB 300 IP 3 Firmware Wb10.9A17	2
Hardware	Snapav Snapav Wattbox WB 300 IP 3 -	1

Common Weakness Enumeration (CWE)

CWE-256 - Unprotected Storage of Credentials

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03