Exposure of Sensitive Information to an Unauthorized Actor vulnerability in EFM-Networks, Inc. IpTIME T5008, EFM-Networks, Inc. IpTIME AX2004M, EFM-Networks, Inc. IpTIME AX3000Q, EFM-Networks, Inc. IpTIME AX6000M allows Authentication Bypass.This issue affects ipTIME T5008: through 15.26.8; ipTIME AX2004M: through 15.26.8; ipTIME AX3000Q: through 15.26.8; ipTIME AX6000M: through 15.26.8.
Attack Parameters
Attack Vector
Adjacent
Requires local network access
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 8
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Iptime T5008_Firmware
cpe:2.3:o:iptime:t5008_firmware:*:*:*:*:*:*:*:*
|
— |
15.27.2
|
|
Iptime T5008
cpe:2.3:h:iptime:t5008:-:*:*:*:*:*:*:*
|
— | — |
|
Iptime Ax2004m_Firmware
cpe:2.3:o:iptime:ax2004m_firmware:*:*:*:*:*:*:*:*
|
— |
15.27.2
|
|
Iptime Ax2004m
cpe:2.3:h:iptime:ax2004m:-:*:*:*:*:*:*:*
|
— | — |
|
Iptime Ax3000q_Firmware
cpe:2.3:o:iptime:ax3000q_firmware:*:*:*:*:*:*:*:*
|
— |
15.27.2
|
|
Iptime Ax3000q
cpe:2.3:h:iptime:ax3000q:-:*:*:*:*:*:*:*
|
— | — |
|
Iptime Ax6000m_Firmware
cpe:2.3:o:iptime:ax6000m_firmware:*:*:*:*:*:*:*:*
|
— |
15.27.2
|
|
Iptime Ax6000m
cpe:2.3:h:iptime:ax6000m:-:*:*:*:*:*:*:*
|
— | — |