GatesAir Maxiva UAXT and VAXT Transmitters Incorrect Access Control Vulnerability Allowing Database File Retrieval

Vulnerability

A critical information disclosure vulnerability has been identified in the web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters. This vulnerability arises from incorrect access control, allowing unauthenticated attackers to directly access sensitive database backup files, specifically 'snapshot_users.db', through publicly exposed URLs. The vulnerable endpoints are '/logs/devcfg/snapshot/' and '/logs/devcfg/user/'. Exploitation of this vulnerability enables the retrieval of sensitive user data, including login credentials, which could potentially lead to a full system compromise.

Impact

Exploitation of this vulnerability allows unauthenticated access to sensitive database files containing user credentials, which could be used to gain administrative access, according to the vulnerability researcher.

Remediation

To address this vulnerability, it is recommended to implement strict access controls for sensitive directories, apply restrictive file permissions on backup files, encrypt sensitive data before storage, and conduct a comprehensive security audit of the system and its file handling processes.
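Beyond blocking the directories, operators will want to know whether the exposed paths were ever requested, and whether the server actually handed the file over. The following Python audit script is an added example, not code from GatesAir or from the advisory: it assumes the transmitter's web server writes Apache/nginx "combined" format access logs (an assumption; the page does not state the log format), normalises each request path so encoded or query-string variants still match, and flags any request at or below the two directories named above, marking those that returned a 2xx with a body as served. The log lines at the bottom are constructed for the demonstration.

```python
import posixpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import unquote, urlsplit

# Directory paths named in the advisory; requests at or below these are flagged.
EXPOSED_DIRS = ("/logs/devcfg/snapshot", "/logs/devcfg/user")

# Apache/nginx "combined" access-log format: client, timestamp, request line,
# status code, response size. Assumed log format, not confirmed by the page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass
class Finding:
    ip: str
    ts: str
    path: str      # normalised request path
    status: int
    size: int
    served: bool   # True when the server answered 2xx with a non-empty body


def normalize_path(target: str) -> str:
    """Drop the query string, decode percent-encoding and collapse '.' / '..'
    segments and trailing slashes so the path compares reliably."""
    path = urlsplit(target).path
    return posixpath.normpath(unquote(path))


def touches_exposed_dir(path: str) -> bool:
    """True if the normalised path is one of the exposed directories or inside one."""
    return any(path == d or path.startswith(d + "/") for d in EXPOSED_DIRS)


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a request into an exposed directory, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; ignore it
    path = normalize_path(m["target"])
    if not touches_exposed_dir(path):
        return None
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    served = 200 <= status < 300 and size > 0
    return Finding(m["ip"], m["ts"], path, status, size, served)


def audit(lines: Iterable[str]) -> List[Finding]:
    """Scan an iterable of log lines and collect every hit on the exposed paths."""
    return [f for f in map(parse_line, lines) if f is not None]


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:46:01 +0000] '
    '"GET /logs/devcfg/snapshot/snapshot_users.db HTTP/1.1" 200 16384 "-" "curl/8.0"',
    '203.0.113.5 - - [09/Jun/2025:19:46:02 +0000] '
    '"GET /logs/devcfg/user/ HTTP/1.1" 403 153 "-" "curl/8.0"',
    '198.51.100.7 - - [09/Jun/2025:19:47:10 +0000] '
    '"GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jun/2025:19:47:11 +0000] '
    '"GET /logs/devcfg/user/snapshot_users.db?download=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        verdict = "SERVED" if f.served else "blocked/missing"
        print(f"{f.ts} {f.ip} {f.status} {f.size:>6} {f.path} [{verdict}]")
```

Run it against the real access log with `audit(open("access.log"))`; a finding with `served=True` means the database file left the device and the credentials in it should be treated as compromised, while a 403 or 404 hit only shows that someone probed the path. The `posixpath.normpath` step matters because the directory match would otherwise miss trailing-slash and dot-segment variants of the same path.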

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.