Rtu540 Firmware
CVE-2026-1772
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
AnalysisAI
Improper access controls in RTU500 series firmware (RTU520, RTU530, RTU540, RTU560) expose sensitive user management data to unauthenticated attackers who leverage browser developer tools to bypass web interface restrictions. An attacker without privileges can read confidential user information that should require authentication, though the vulnerability requires direct access to development utilities rather than simple network requests. No patch is currently available for this medium-severity exposure.
Technical ContextAI
Affects the RTU500 web user component of Rtu520 Firmware. RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Rtu540 Firmware
View allIEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. Rated high severity
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium sever
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated me
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium sever
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today