A vulnerability is in the '/login/hostinfo2.cgi' page of the ipTIME A2004, version is 12.17.0.This flaw allows remote attackers to obtain sensitive information,without undergoing any authentication process. It leaked some settings of this device.
http://target/login/hostinfo2.cgi
ipTIME A2004
Visiting the corresponding page directly through the browser can reveal the version information about the device, which is included in the Response Headers.
Shuanunio
CVE-2024-57064