An issue exists on WyreStorm Apollo VX20 devices prior to 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.
WyreStorm Apollo VX20 versions prior to 1358 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET ...