Primary

Context

ZIV Web Server Authentication Credentials Exposure Vulnerability

Vulnerability

A vulnerability exists in ZIV devices that exposes authentication credentials for the device's web server. The credentials are transmitted in base64 encoding within the HTTP headers. Since base64 is not a secure encryption method, an attacker could intercept the web request during the login process and retrieve the credentials.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device's web server, potentially leading to further actions based on the access rights of the authenticated user.

Added: Sep 29, 2025, 4:18 PM

Updated: Sep 29, 2025, 7:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

5.6

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

5.6

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ZIV Web Server Authentication Credentials Exposure Vulnerability

Vulnerability

Impact

Affected Products

ZIV 4CCT-EA6-334126BF

CIRCUTOR SGE-PLC1000

SITEL CAP/PRX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating