Impact
The Regesta Smart HD‑PLC device running firmware 11.02.05.10.02 contains an information‑disclosure flaw. An attacker with network access can invoke the /upgrade/query.php script using the harmless‑looking command parameter (cmd=p+3&3Bversion). Because the device does not require user registration for this operation, the request returns detailed version and system information, thereby exposing sensitive data. This vulnerability is a direct manifestation of CWE‑201, where internal information is inadvertently revealed.
Affected Systems
The affected product is Teldat’s Regesta Smart HD‑PLC – TLDPH16D2 model. Only firmware version 11.02.05.10.02 is vulnerable. The newer 11.02.06.00.02 firmware provided by Teldat already contains the fix. Devices run the old firmware on the network and are at risk.
Risk and Exploitability
The CVSS score of 6.9 classifies this flaw as moderate, and the EPSS score of less than 1% indicates a low likelihood of exploitation. However, the vulnerability is accessible over the network without authentication or registration and does not require special privileges, so an attacker could easily discover it. The flaw is not listed in CISA’s KEV catalog, but because it involves publicly disclosed sensitive information, remediation is still warranted.
OpenCVE Enrichment