CVE-2020-25746
MEDIUMQED ResourceXpress Qubi3 Firmware < 1.40.9 - Sensitive Information Exposure via Debug Interface
Title source: llmDescription
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://www.resourcexpress.com/meeting-room-booking-systems/hardware/qubi3/
Issue Tracking, Vendor Advisory x_refsource_confirm
https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/878641153/v1.40.9
Scores
CVSS v3
4.6
EPSS
0.0030
EPSS Percentile
21.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
resourcexpress/qubi3_firmware
< 1.40.9
Published
Nov 17, 2020
Tracked Since
Feb 18, 2026