Vulnerability Details CVE-2020-35755
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-35755
-
cpe:2.3:h:librewireless:ls9:-
-
cpe:2.3:o:librewireless:ls9_firmware:7040