Bridge Technologies Probes Information Disclosure Vulnerability

A vulnerability allowing unauthorized access to sensitive information, such as administrator passwords, has been identified in Bridge Technologies probes, including the VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD. This issue affects firmware versions 6.5.0-9 and arises from improper authorization, allowing attackers to exploit the /probe/core/setup/passwd endpoint to retrieve password data.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of sensitive information, specifically administrator passwords.

Reproduction

To reproduce this vulnerability, send a GET request to the /probe/core/setup/passwd endpoint with the appropriate query parameters. This request can be made using a web browser or a tool like curl. The response will include the admin password, demonstrating the information disclosure flaw.