Level1 EAP Devices offer a function do download the device config file. This download mechanism is not properly protected such that an attacker can download the config file without authentication. Passwords can be retrieved at this point…. Level1 EAP Devices offer a function do download the device config file. This download mechanism is not properly protected such that an attacker can download the config file without authentication. Passwords can be retrieved at this point.

Read more http://packetstormsecurity.com/files/123641/levelone-passwd.txt