Vulnerability Description
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration may include administrative credentials and other sensitive settings, enabling an unauthenticated attacker to obtain information that can facilitate further compromise of the device or network.
Related Weaknesses (CWE)
References
- http://dongyoung.com/
- https://cxsecurity.com/issue/WLB-2019100012
- https://packetstorm.news/files/id/154719/
- https://www.vulncheck.com/advisories/dongyoung-media-dm-ap240tw-unauthenticated-
FAQ
What is CVE-2019-25226?
CVE-2019-25226 is a documented vulnerability. Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote r...
How severe is CVE-2019-25226?
CVSS scoring is not yet available for CVE-2019-25226. Check NVD for updates.
Is there a patch for CVE-2019-25226?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.