An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-08T19:40:22

Updated: 2024-08-04T16:48:01.322Z

Reserved: 2020-11-19T00:00:00

Link: CVE-2020-28946

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-08T20:15:15.713

Modified: 2024-11-21T05:23:21.203

Link: CVE-2020-28946

cve-icon Redhat

No data.