Summaryinfo

A vulnerability was found in Schrack Technik microControl. It has been classified as problematic. This issue affects some unknown processing of the component Telnet Service. Performing a manipulation results in improper authentication. This vulnerability was named CVE-2014-8329. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Schrack Technik microControl (unknown version). It has been classified as critical. This affects an unknown code block of the component Telnet Service. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.

The weakness was presented 10/20/2014 (Website). It is possible to read the advisory at sec-consult.com. This vulnerability is uniquely identified as CVE-2014-8329 since 10/20/2014. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability.

See VDB-70712 and VDB-70682 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Schrack

Name

• Technik microControl

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion