VYPR

CWE-319

Cleartext Transmission of Sensitive Information

Base · Draft · Likelihood: High

Description

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-117 · CAPEC-383 · CAPEC-477 · CAPEC-65

CVEs mapped to this weakness (302)

page 4 of 16
  • CVE-2026-24455 · High · Feb 20, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.

  • CVE-2020-36917 · High · Jan 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords…

  • CVE-2020-36914 · High · Jan 6, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and…

  • CVE-2025-62765 · High · Nov 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.

  • CVE-2025-41718 · High · Oct 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.

  • CVE-2025-7731 · High · Sep 1, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device…

  • CVE-2025-53703 · High · Jul 22, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.

  • CVE-2025-44251 · High · Jul 10, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.

  • CVE-2025-5270 · High · May 27, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

  • CVE-2025-27594 · High · Mar 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a…

  • CVE-2025-1060 · High · Feb 13, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.

  • CVE-2024-36558 · High · Feb 6, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.

  • CVE-2024-48788 · High · Oct 11, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-36426 · High · May 27, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.

  • CVE-2023-3272 · High · Jul 10, 2023
    risk 0.49 · cvss 7.5 · epss 0.00

    Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted.

  • CVE-2021-22703 · High · Feb 19, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious…

  • CVE-2021-22702 · High · Feb 19, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials…

  • CVE-2020-7488 · High · Apr 22, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

  • CVE-2018-18071 · High · Oct 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive…

  • CVE-2018-11338 · High · Jul 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.…