← back
CVE-2019-25226

Dongyoung Media DM-AP240T/W Unauthenticated Configuration Disclosure

CVSS 8.7 HIGHEPSS 0.5%CWE-306
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration may include administrative credentials and other sensitive settings, enabling an unauthenticated attacker to obtain information that can facilitate further compromise of the device or network.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →