Self-generated Error Message Containing Sensitive Information

CVE-2023-41027

High

8/10

Summary

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-210 - Self-generated Error Message Containing Sensitive Information

The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

References

Advisory Timeline

Published Sep 22, 2023

Self-generated Error Message Containing Sensitive Information

CVE-2023-41027

Summary

CWE-210 - Self-generated Error Message Containing Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS