vendor:
MCL-Net
by:
Victor A. Morales, GM Sectec Inc.
N/A
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: MCL-Net
Affected Version From: 4.3.5.8788
Affected Version To: 4.3.5.8788
Patch Exists: No
Related CWE: CVE-2023-34834
CPE: a:mcl:net:4.3.5.8788
Platforms Tested: Windows
2023
MCL-Net 4.3.5.8788 – Information Disclosure
Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
Mitigation:
To mitigate this vulnerability, restrict access to sensitive directories, disable directory browsing, and ensure that sensitive information is not stored in plaintext.