An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.
References
| Link | Resource |
|---|---|
| https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html | Exploit Third Party Advisory |
| https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 05:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html - Exploit, Third Party Advisory |
Information
Published : 2020-01-13 23:15
Updated : 2024-11-21 05:36
NVD link : CVE-2020-6954
Mitre link : CVE-2020-6954
CVE.ORG link : CVE-2020-6954
JSON object : View
Products Affected
cayintech
- smp-pro4_firmware
- smp-pro4
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor