CVE-2016-5810
Advantech WebAccess upAdminPg Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
UpAdminPg.asp en Advantech WebAccess versiones anteriores a 8.1_20160519 permite a los administradores autenticados remotos obtener información sensible de contraseñas a través de vectores no especificados.
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability.
The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators' passwords along with the system administrator's password. An attacker can leverage this vulnerability to escalate privileges within the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-23 CVE Reserved
- 2016-07-18 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-31 First Exploit
- 2025-06-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-16-429 | Third Party Advisory |
|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 | Third Party Advisory | |
| https://github.com/rapid7/metasploit-framework/pull/7859#issuecomment-274305229 |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/180697 | 2024-08-31 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|