CVE-2019-15653

HIGH

Comba Ap2600-i - A02 - 0202n00pd2 Fir... - Insufficiently Protected Credentials

Title source: rule

Description

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)).

References (2)

[Vendor Advisory] https://www.comba-telecom.com/en/news

[Exploit, Third Party Advisory] https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164

Scores

CVSS v3 7.5

EPSS 0.0080

EPSS Percentile 73.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-327 CWE-311

Status published

Affected Products (1)

comba/ap2600-i_-_a02_-_0202n00pd2_firmware

Timeline

Published Mar 19, 2020

Tracked Since Feb 18, 2026