CVE-2020-16280

MEDIUM

Rangeeos - Insufficiently Protected Credentials

Title source: rule

Description

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.

References (1)

[Third Party Advisory] https://www.contextis.com/en/resources/advisories/cve-2020-16280

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

rangee/rangeeos

Timeline

Published Aug 20, 2020

Tracked Since Feb 18, 2026