CVE-2016-15056
BaseFortify
Publication date: 2025-11-14
Last updated on: 2025-11-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubee | evw3226 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Ubee EVW3226 cable modem/routers with firmware versions up to 1.0.20. The device stores configuration backup files in the web root directory after they are generated for download. These backup files remain accessible without any authentication until the device is rebooted. A remote attacker on the local network can directly request the backup file named 'Configuration_file.cfg' and obtain it. Since these backup files are not encrypted, they expose sensitive information including the plaintext administrator password, which can lead to full compromise of the device.
How can this vulnerability impact me? :
An attacker on the local network can exploit this vulnerability to access the device's configuration backup file without authentication. This file contains sensitive information such as the plaintext administrator password. With this information, the attacker can fully compromise the device, potentially gaining control over the modem/router and any network traffic passing through it.