CVE-2015-7929

low-risk
Published 2015-12-23

eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Ewon Firmware

Affected Vendors

Ewon

References (10)

Vendor Advisory http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBA...
http://seclists.org/fulldisclosure/2015/Dec/118
http://www.securityfocus.com/bid/79625
Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03
Vendor Advisory http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBA...
http://seclists.org/fulldisclosure/2015/Dec/118
http://www.securityfocus.com/bid/79625
Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal