Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Device Web Interface Sends Passwords in Plain Text Over Network
CVE-2026-24455
Summary
The device's web interface sends user passwords in plain text over the network, making them easily accessible to anyone on the same network. This means that hackers can intercept and steal user credentials, potentially gaining unauthorized access to the device. To protect sensitive information, consider using a VPN or configuring the device to use a secure authentication method.
Original title
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passi...
Original description
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
nvd CVSS3.1
7.5
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026