CVE-2020-29666

MEDIUM

Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29666. PoCs published by jet-pentest.

AI-analyzed exploit summary This repository provides a detailed technical description of CVE-2020-29666, a directory listing vulnerability in Lan ATMService M3 ATM Monitoring System 6.1.0. It explains how remote attackers can access log files containing user cookie values due to server misconfiguration.

Description

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.

Exploits (1)

nomisec WRITEUP 1 stars

by jet-pentest · poc

https://github.com/jet-pentest/CVE-2020-29666

View Code ZIP pw:eip

This repository provides a detailed technical description of CVE-2020-29666, a directory listing vulnerability in Lan ATMService M3 ATM Monitoring System 6.1.0. It explains how remote attackers can access log files containing user cookie values due to server misconfiguration.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Lan ATMService M3 ATM Monitoring System 6.1.0

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

http://lanatmservice.ru/

Third Party Advisory x_refsource_misc

https://github.com/jet-pentest/CVE-2020-29666

Scores

CVSS v3 5.3

EPSS 0.0144

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (1)

lanatmservice/m3_atm_monitoring_system 6.1.0

Published Dec 10, 2020

Tracked Since Feb 18, 2026