Insufficient Access Controls in Cistron-LG 1.01 Allow Remote Retrieval of Sensitive Information

Insufficient Access Controls in Cistron-LG 1.01 Allow Remote Retrieval of Sensitive Information

CVE-2014-3930 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.

Learn more about our Web App Pen Testing.