PT-2018-12736 · Philips · Philips Pagewriter Tc50+4

Publicado

2018-08-22

Atualizado

2019-10-09

CVE-2018-14801

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs versions prior to May 2018

Description The issue allows an attacker with physical access and the superuser password to access and modify all settings on the device, as well as reset existing passwords.

Recommendations For versions prior to May 2018, restrict physical access to the device and limit knowledge of the superuser password to authorized personnel. As a temporary workaround, consider implementing additional authentication mechanisms to prevent unauthorized access to the device settings.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-14801

Produtos afetados

Philips Pagewriter Tc10

Philips Pagewriter Tc20

Philips Pagewriter Tc30

Philips Pagewriter Tc50

Philips Pagewriter Tc70

PT-2018-12736 · Philips · Philips Pagewriter Tc50+4

CVE-2018-14801

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4