BEC Technologies Routers Insufficiently Protected Credentials Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in multiple BEC Technologies routers, allowing network-adjacent attackers to disclose sensitive information. This issue arises from the /cgi-bin/tools_usermanage.asp endpoint, which transmits a list of users and their credentials to be processed on the client side. As a result, an attacker could intercept and access these credentials, potentially leading to further exploitation.

Impact

Exploitation of this vulnerability allows for the interception and disclosure of user credentials, which could be used to compromise affected systems.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BEC Technologies Routers Insufficiently Protected Credentials Information Disclosure Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating