Vulnerability Details : CVE-2016-5810
Public exploit exists!
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2016-5810
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
Metasploit modules for CVE-2016-5810
- Advantech WebAccess 8.1 Post Authentication Credential Collector
  Disclosure Date: 2017-01-21
  First seen: 2020-04-26
  auxiliary/gather/advantech_webaccess_creds
  This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this.
  Authors: - h00die - sinn3r <s
CVSS scores for CVE-2016-5810
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST |
4.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 | NIST |
CWE ids for CVE-2016-5810
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5810
- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
  Advantech WebAccess ActiveX Vulnerabilities (Update A) | CISA
  Third Party Advisory; US Government Resource
- http://www.zerodayinitiative.com/advisories/ZDI-16-429
  ZDI-16-429 | Zero Day Initiative
  Third Party Advisory; VDB Entry
Products affected by CVE-2016-5810
- cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*