Bridge Technologies VB288 Objective QoE Content Extractor Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to sensitive information, such as administrator passwords, has been identified in the Bridge Technologies VB288 Objective QoE Content Extractor, specifically in firmware version 5.6.0-8. The issue arises from improper authorization in the '/probe/core/setup/passwd' endpoint, allowing attackers to extract password data through simple HTTP requests.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information, specifically administrator passwords.

Reproduction

To reproduce this vulnerability, send a GET request to the '/probe/core/setup/passwd' endpoint. Include the 'Change' parameter set to '1', the 'passwd2' parameter with a value of 'slvisolp', and the 'submitflash' parameter set to 'OK'. This request will return the admin password.
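To check whether a device has already received the request described above, a defender can search web or reverse-proxy access logs for it. The Python below is an added example, not part of the original advisory or of any vendor code. It assumes logs in the common/combined access-log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter names come from the advisory; the rest is assumed.
TARGET_PATH = "/probe/core/setup/passwd"
REQUIRED = {"change": "1", "submitflash": "OK"}
# Assumed log layout: common/combined access-log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return a finding dict for a hit on the passwd endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Normalise percent-encoding, repeated slashes and case before comparing.
    path = re.sub(r"/+", "/", unquote(url.path)).rstrip("/").lower()
    if path != TARGET_PATH:
        return None
    query = parse_qs(url.query, keep_blank_values=True)
    params = {k.lower(): v[-1] for k, v in query.items()}
    # The passwd2 value is not compared, only its presence.
    full = (m["method"] == "GET" and "passwd2" in params
            and all(params.get(k) == v for k, v in REQUIRED.items()))
    return {
        "src": m["src"], "time": m["ts"], "status": int(m["status"]),
        # disclosure-pattern: the request shape described in the advisory;
        # endpoint-access: any other hit on the endpoint, still worth review.
        "kind": "disclosure-pattern" if full else "endpoint-access",
        # A 200 on the full pattern: treat the admin password as exposed.
        "rotate_password": full and m["status"] == "200",
    }

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.23 - - [19/Nov/2025:18:02:11 +0000] "GET /probe/core/setup/passwd?Change=1&passwd2=REDACTED&submitflash=OK HTTP/1.1" 200 512',
    '192.0.2.10 - - [19/Nov/2025:18:03:40 +0000] "GET /probe/core/status HTTP/1.1" 200 2048',
    '203.0.113.7 - - [19/Nov/2025:18:05:02 +0000] "GET /probe//core/setup/%70asswd?submitflash=OK&passwd2=REDACTED&Change=1 HTTP/1.1" 401 0',
    '192.0.2.10 - - [19/Nov/2025:18:06:00 +0000] "POST /probe/core/setup/passwd HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any finding with `rotate_password` set means the device answered the full request pattern with a 200, so the administrator password should be changed and management access to the device restricted.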

Added: Nov 19, 2025, 6:24 PM
Updated: Nov 19, 2025, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.