CVE-2019-17218
CRITICALV-Zug Combi-Steam MSLQ Firmware < ethernet_r07 - Cleartext Transmission of Sensitive Information via HTTP
Title source: llmDescription
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service.
References (1)
Core 1
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.134116
Scores
CVSS v3
9.1
EPSS
0.0067
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-319
Status
published
Products (1)
vzug/combi-stream_mslq_firmware
< ethernet_r07
Published
Oct 06, 2019
Tracked Since
Feb 18, 2026