Description
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/165166/Auerswald-COMpact-8.0B-Arbitrary-File-Disclosure.html
Exploit, Third Party Advisory x_refsource_misc
https://www.redteam-pentesting.de/advisories/rt-sa-2021-006
Scores
CVSS v3
4.9
EPSS
0.0239
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (10)
auerswald/commander_6000r_ip_firmware
< 8.0b
auerswald/commander_6000rx_ip_firmware
< 8.0b
auerswald/commander_basic.2\(19\"\)_ip_firmware
< 8.0b
auerswald/commander_business\(19\"\)_ip_firmware
< 8.0b
auerswald/compact_4000_ip_firmware
< 8.0b
auerswald/compact_5000r_ip_firmware
< 8.0b
auerswald/compact_5010_voip_ip_firmware
< 8.0b
auerswald/compact_5020_voip_ip_firmware
< 8.0b
auerswald/compact_5200r_ip_firmware
< 8.0b
auerswald/compact_5500r_ip_firmware
< 8.0b
Published
Dec 13, 2021
Tracked Since
Feb 18, 2026