Back to search
CVE-2010-0214
Published: Jan 12, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#870601
third-party-advisory
x_refsource_CERT-VN
roomwizard-password-security-bypass(64543)
vdb-entry
x_refsource_XF
ADV-2011-0059
vdb-entry
x_refsource_VUPEN
20110106 RoomWizard Default Password and Sync Connector Credential Leak [CVE-2010-0214]
mailing-list
x_refsource_FULLDISC
45699
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now