PT-2023-14669 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Andrea Palanca · Published 2023-01-16 · Updated 2023-01-26 · CVE-2022-45444
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sewio’s Real-Time Location System (RTLS) Studio versions 2.0.0 through 2.6.2
Description
The issue concerns hard-coded passwords for select users in the application’s database, which could allow a remote attacker to log in to the database with unrestricted access.
Recommendations
For versions 2.0.0 through 2.6.2, consider changing the hard-coded passwords for select users in the application’s database to unique, secure passwords to prevent unauthorized access. As a temporary workaround, restrict access to the database to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Affected Products
Sewio's Real-Time Location System (RTLS) Studio