CVE-2021-34544

MEDIUM

Solar-Log 500 < 2.8.2 - Cleartext Storage of Sensitive Information in Export and Notification Pages

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-34544. PoCs published by Luca.Chiou.

AI-analyzed exploit summary: The exploit describes an information disclosure vulnerability in Solar-Log 500 devices where plaintext passwords for FTP, SMTP, and SMS services are exposed via specific HTML endpoints. The PoC involves accessing these endpoints to retrieve sensitive credentials.

Description

An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

Exploits (1)

exploitdb WRITEUP
by Luca.Chiou · text · webapps · multiple
https://www.exploit-db.com/exploits/49987

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Solar-Log 500 prior to 2.8.2 Build 52
No auth needed
Prerequisites: Network access to the Solar-Log device
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/49987
Product, Release Notes, Vendor Advisory
https://www.solar-log.com/en/support/firmware/

Scores

CVSS v3 6.5
EPSS 0.0100
EPSS Percentile 58.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-312
Status published
Products (2)
bkw/solar-log_500_firmware 2.8.2 build_50
bkw/solar-log_500_firmware < 2.8.1
Published Dec 07, 2021
Tracked Since Feb 18, 2026