The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.
Credits
Anurag Chevendra, Parul Sindhwad and Dr. Faruk Kazi CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to CISA.
