CVE-2020-28946
HIGH
Plum IK-401 Firmware < 1.02 - Unauthenticated Configuration File Exposure via Webserver
Title source: llm
Description
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://plummac.com/project/ik-401/
Exploit, Third Party Advisory x_refsource_misc
https://www.cert.pl/news/single/coraz-wiecej-urzadzen-przemyslowych-podlaczonych-do-internetu/
Scores
CVSS v3
7.5
EPSS
0.0121
EPSS Percentile
64.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
plummac/ik-401_firmware
< 1.02
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026