CVE-2019-25226
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-11-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dongyoung_media | dm-ap240t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dongyoung Media DM-AP240T/W wireless access points, where the /cgi-bin/sys_system_config management endpoint allows anyone to remotely retrieve a compressed configuration archive without needing to authenticate or have authorization. This archive may contain administrative credentials and other sensitive settings, which means an attacker can gain access to critical information without any restrictions.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive configuration data, including administrative credentials. This can enable an attacker to further compromise the affected device or the network it is connected to, potentially leading to loss of control over the device, network breaches, and exposure of confidential information.