CVE Vulnerability

CVE-2021-34544

An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.exploit-db.com/exploits/49987 Exploit Third Party Advisory
https://drive.google.com/file/d/1N8Ch1UGNcoocUaPhOe_1mAECOe5kr4pt/view?usp=sharing Exploit Third Party Advisory
https://www.solar-log.com/en/support/firmware/ Product Release Notes
Configurations

Configuration 1
Information

Published : 2021-12-07 09:15

Updated : 2021-12-09 05:15

NVD link : CVE-2021-34544

Mitre link : CVE-2021-34544

Products Affected
No products.
CWE
CWE-312

Cleartext Storage of Sensitive Information