CVE-2020-23036

MEDIUM

MEDIA NAVI Inc SMACom v1.2 - Info Disclosure

Title source: llm

Description

MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.

References (2)

[Technical Description] https://cwe.mitre.org/data/definitions/522.html

[Exploit, Third Party Advisory] https://www.vulnerability-lab.com/get_content.php?id=2211

Scores

CVSS v3 5.9

EPSS 0.0027

EPSS Percentile 50.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

medianavi/smacom

Timeline

Published Oct 22, 2021

Tracked Since Feb 18, 2026