An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows malicious users to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.