Impacted Devices and Firmware:<\/strong><\/p>\n\n\n\n Summary: <\/strong><\/p>\n\n\n\n The SMTP password for a previously saved set of credentials is disclosed by the device to an administrator. <\/p>\n\n\n\n Description: <\/strong><\/p>\n\n\n\n When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative access to the device to obtain the SMTP credentials previously stored in the device’s settings.\u00a0<\/p>\n\n\n\n Recommendation: <\/strong><\/p>\n\n\n\n For best security, upgrade from legacy E-model devices to S-models which do not have this vulnerability. Regardless of the model, AVTECH strongly recommends that users set custom administrative credentials on the device to restrict access to all settings, including SMTP credentials. When using E-models, use Room Alert Account or Room Alert Manager, where possible, to send email notifications instead of sending them directly from the device. If the device is not being used to send emails, ensure any SMTP credentials have been removed from the device. <\/p>\n","protected":false},"excerpt":{"rendered":" May 16, 2024 CVE-2024-33470 Impacted Devices and Firmware: Summary: The SMTP password for a previously saved set of credentials is disclosed by the device to an administrator. Description: When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[300],"tags":[],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n\n