Brian Olson

**Name of the Vulnerable Software and Affected Versions** Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 **Description** The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a hard-coded `username` and `password` combination of `root` / `amroot`, and it uses password-only authentication. An attacker can exploit this issue to gain `root` access to the Angstrom Linux operating system, allowing modification of any binaries or configuration files in the firmware. **Recommendations** For versions prior to 3.7 on ARMv7, update to version 3.7 or later to resolve the issue. As a temporary workaround, consider disabling the Dropbear SSH server until a patch is available. Restrict access to Port 22 to minimize the risk of exploitation. Avoid using the hard-coded `username` and `password` combination until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7. **Description** The issue arises from the use of an undocumented custom protocol for setting up Modbus communications, which lacks validation of devices. An originating device sends a plaintext message, `48:65:6c:6c:6f:20:57:6f:72:6c:64`, or "Hello World" over UDP ports 44444-44446 to the LAN's broadcast address. Devices on the LAN respond to these messages without verification, sending a plaintext reply containing the device model and firmware version over UDP. This exchange allows Modbus transmissions between devices on the standard Modbus port 502 TCP. An attacker can exploit this to send arbitrary messages to any DCU or RP device through spoofing or replay attacks, provided they have network access. **Recommendations** For Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7, update to version 3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to UDP ports 44444-44446 and the standard Modbus port 502 TCP to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Auto-Maskin DCU-210E versions prior to 3.7 Auto-Maskin RP-210E versions prior to 3.7 Marine Pro Observer Android App versions prior to 3.7 **Description** The affected devices transmit sensitive data in cleartext via unencrypted Modbus communications, allowing unauthorized actors to intercept this information. An attacker with access to the network can exploit this issue to observe configurations, settings, and sensor information, which could aid in crafting spoofed messages. **Recommendations** For Auto-Maskin DCU-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue. For Auto-Maskin RP-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue. For Marine Pro Observer Android App versions prior to 3.7, update to version 3.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Auto-Maskin DCU-210E versions prior to 3.7 Auto-Maskin RP-210E versions prior to 3.7 Marine Pro Observer Android App versions prior to 3.7 **Description** The issue concerns the use of an embedded webserver that transmits the administrator PIN in unencrypted plaintext. This allows an authenticated attacker to change configurations, upload new configuration files, and upload executable code via file upload for firmware updates, but it requires access to the network. **Recommendations** For Auto-Maskin DCU-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue. For Auto-Maskin RP-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue. For Marine Pro Observer Android App versions prior to 3.7, update to version 3.7 or later to resolve the issue.