AVE.DOMINAplus.authClients.xml.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in AVE DOMINAplus devices.
The vulnerability is due to an unprotected endpoint hosted on the device. An unauthenticated attacker can request that endpoint to obtain an XML file that contains administrator login information and take control of the device.
Affected Products
AVE DOMINAplus 1.10.77 and prior
AVE 53AB-WBS 1.10.62
AVE TS01 1.0.65
AVE TS03X-V 1.10.45a
AVE TS04X-V 1.10.45a
AVE TS05 1.10.36
AVE TS05N-V
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |