PT-2018-16946 · Marine Pro+1 · Marine Pro Observer Android App+2
Brian Olson
+1
·
Publicado
2018-10-08
·
Atualizado
2019-10-09
·
CVE-2018-5402
CVSS v3.1
9.1
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Auto-Maskin DCU-210E versions prior to 3.7
Auto-Maskin RP-210E versions prior to 3.7
Marine Pro Observer Android App versions prior to 3.7
Description
The issue concerns the use of an embedded webserver that transmits the administrator PIN in unencrypted plaintext. This allows an authenticated attacker to change configurations, upload new configuration files, and upload executable code via file upload for firmware updates, but it requires access to the network.
Recommendations
For Auto-Maskin DCU-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Auto-Maskin RP-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Marine Pro Observer Android App versions prior to 3.7, update to version 3.7 or later to resolve the issue.
Correção
Cleartext Transmission of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Auto-Maskin Dcu-210E
Auto-Maskin Rp210E
Marine Pro Observer Android App