CWE-200

Brynamics “Online Trade – Online trading and cryptocurrency investment system” allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.

Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.

Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.

BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.

Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.

Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.