CVE-2016-15056

Vulnerability Description

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.

Related Weaknesses (CWE)

References

• https://seclists.org/fulldisclosure/2016/Jul/66
• https://web.archive.org/web/20160403014231/http://www.ubeeinteractive.com/produc
• https://web.archive.org/web/20160726145043/http://www.search-lab.hu/advisories/1
• https://www.exploit-db.com/exploits/40156
• https://www.vulncheck.com/advisories/ubee-evw3226-unauthenticated-backup-file-di
• https://seclists.org/fulldisclosure/2016/Jul/66
• https://web.archive.org/web/20160726145043/http://www.search-lab.hu/advisories/1
• https://www.exploit-db.com/exploits/40156

FAQ

What is CVE-2016-15056?

CVE-2016-15056 is a documented vulnerability. Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessib...

How severe is CVE-2016-15056?

CVSS scoring is not yet available for CVE-2016-15056. Check NVD for updates.

Is there a patch for CVE-2016-15056?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.