Product: Netis DL4323 Modem
CVE: CVE-2019-20074
CVSS 3.x Base Score: 8.8 HIGH
Description: On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
In the modem interface of the Netis DL4323 modem, you can obtain the all of the users password as a clear text format. As a result of this vulnerability, guest privileged user can escalate the privilege using superuser password.
