CVE-2016-15056 PUBLISHED

Ubee EVW3226 Unauthenticated Backup File Disclosure

Assigner: VulnCheck
Reserved: 14.11.2025 Published: 14.11.2025 Updated: 18.11.2025

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Ubee Interactive
Product	Ubee EVW3226
Versions	Default: unknown affected from 0 to 1.0.20 (incl.)

Credits

Gergely Eberhardt of Search-Lab.hu finder

References

Problem Types

CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory CWE