Vulnerability Details CVE-2020-7227
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-7227
-
cpe:2.3:h:westermo:mrd-315:-
-
cpe:2.3:o:westermo:mrd-315_firmware:1.7.3
-
cpe:2.3:o:westermo:mrd-315_firmware:1.7.4