CVE-2018-10286

HIGH

Ericsson-LG iPECS NMS A.1Ac - Info Disclosure

Title source: llm

Description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.

Exploits (1)

exploitdb WORKING POC

by Berk Cem Göksel · pythonwebappsphp

https://www.exploit-db.com/exploits/44515

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/berkgoksel/fde102503c457c0344e2e53b7971437a

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44515/

Scores

CVSS v3 8.8

EPSS 0.0431

EPSS Percentile 88.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

ericssonlg/ipecs_nms

Timeline

Published Apr 22, 2018

Tracked Since Feb 18, 2026