Ey As525F001 Firmware
CVE-2023-27927
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.
AnalysisAI
An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-319. An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials. Affected products include: Sauter-Controls Ey-As525F001 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ey As525F001 Firmware
View allAn authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition.
An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. Ra
An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unautho
A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today