Vulnerability Details CVE-2020-25746
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 2.1
References
- https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/878641153/v1.40.9
- https://www.resourcexpress.com/meeting-room-booking-systems/hardware/qubi3/
- https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/878641153/v1.40.9
- https://www.resourcexpress.com/meeting-room-booking-systems/hardware/qubi3/
Products affected by CVE-2020-25746
-
cpe:2.3:h:resourcexpress:qubi3:-
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.30.2
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.31.3
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.32.0
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.32.2
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.32.3
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.32.6
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.33.0
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.33.1
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.33.2
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.40.2a
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.40.3
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.40.4
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.40.5
-
cpe:2.3:o:resourcexpress:qubi3_firmware:1.40.8