High severity7.5NVD Advisory· Published May 3, 2021· Updated Jun 17, 2026
CVE-2020-35755
CVE-2020-35755
Description
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
Affected products
2- Libre Wireless/LS9 LS1.5/p7040description
- Range: LS1.5/p7040
Patches
Vulnerability mechanics
References
1- www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.