Main Vulnerability Database Vulnerabilities #VU48138

Cleartext transmission of sensitive information in NIO 50 - CVE-2020-25155

Published: November 4, 2020

Vulnerability identifier: #VU48138

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-25155

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
NIO 50

Software vendor:
NEXCOM

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-308-02

Cleartext transmission of sensitive information in NIO 50 - CVE-2020-25155

Description

Remediation

External links

Please verify you're human