CVE-2018-10024

CRITICAL

ubiQuoss Switch VP5208A - Info Disclosure

Title source: llm

Description

ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).

Exploits (1)

github WORKING POC 11 stars

by X-C3LL · pythonpoc

https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2018-10024

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.tarlogic.com/advisories/Tarlogic-2018-002.txt

Scores

CVSS v3 9.8

EPSS 0.0056

EPSS Percentile 68.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

ubiquoss/vp5208a_firmware

Timeline

Published Apr 11, 2018

Tracked Since Feb 18, 2026