The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized…
CERT-PL·CWE-256·Published 2024-05-09
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
El control de acceso en el software CemiPark almacena las credenciales de integración (por ejemplo, FTP o SIP) en texto plano. Un atacante que obtuvo acceso no autorizado al dispositivo puede recuperar las contraseñas de texto plano utilizadas por el sistema. Este problema afecta al software CemiPark: 4.5, 4.7, 5.03 y potencialmente a otros. El vendedor se negó a proporcionar la gama específica de productos afectados.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 5.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| 3.1 | Primary | cve.org | 5.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| 3.1 | Secondary | NVD | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |