Radiflow iSAP Smart Collector Unauthenticated Configuration Access and Modification Vulnerability
Vulnerability
A vulnerability exists in the Radiflow iSAP Smart Collector running on CentOS 7 with VSAP 1.20, allowing an unauthenticated user with management network access to retrieve and alter the device's configuration. This issue arises from two web servers that expose unauthenticated REST APIs on the management network via TCP ports 8084 and 8086. Exploitation of this vulnerability enables access to all system settings, modification of the configuration, and execution of certain commands, such as rebooting the system.
Impact
Exploitation of this vulnerability could lead to unauthorized access and modification of the device's configuration, potentially allowing for disruptive actions like rebooting the system.
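A defensive check for the exposure described above, as an added example that is not part of the original advisory: it scans flow records for TCP connections to ports 8084 and 8086 on a collector that come from sources outside an approved list. The collector address, the allowlist, the log column layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Ports named in the advisory: unauthenticated REST APIs on the management network.
EXPOSED_PORTS = {8084, 8086}

# Assumptions for this example (not from the advisory): collector address,
# approved administrative sources, and the flow-log column layout.
COLLECTORS = {ipaddress.ip_address("10.20.0.15")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.32/29")]

# Constructed sample flow records: time,src,dst,proto,dport,action
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z,10.20.0.34,10.20.0.15,tcp,8084,allow
2024-01-10T08:03:17Z,10.20.0.77,10.20.0.15,tcp,8086,allow
2024-01-10T08:04:02Z,10.20.0.77,10.20.0.15,tcp,443,allow
2024-01-10T08:05:40Z,192.168.5.9,10.20.0.15,tcp,8084,deny
2024-01-10T08:06:11Z,10.20.0.90,10.20.0.15,udp,8086,allow
malformed,line
2024-01-10T08:07:55Z,10.20.0.90,10.20.0.16,tcp,8084,allow
"""

def find_unapproved_access(flow_text):
    """Return flows reaching a collector's REST ports from unapproved sources."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue  # skip malformed records rather than abort the run
        ts, src, dst, proto, dport, action = (f.strip() for f in row)
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if proto.lower() != "tcp" or port not in EXPOSED_PORTS:
            continue
        if dst_ip not in COLLECTORS:
            continue
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue
        # "allow" means the request reached the API; "deny" is a blocked attempt.
        severity = "reached-api" if action.lower() == "allow" else "blocked-attempt"
        findings.append({"time": ts, "src": src, "port": port, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_unapproved_access(SAMPLE_FLOWS):
        print(finding)
```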
