CVE-2019-17218

Published: Oct 6, 2019Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.

Affected (2)

Products: Vzug: Combi Stream Mslq Firmware

Vzug

1 product

Combi Stream Mslq Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before ethernet_r07

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before wlan_r05

Running on/with	Platform Versions
Vzug Combi Stream Mslq	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://vuldb.com/?id.134116

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.134116

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.