← Back

CVE-2018-5402

nvd nist
Published: Oct 8, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Affected (3)

Auto Maskin
3 products
Rp 210e Firmware
Dcu 210e Firmware
Marine Pro Observer
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rp 210e Firmware
All versions
Running on/withPlatform Versions
Auto Maskin
Rp 210e
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Dcu 210e Firmware
All versions
Running on/withPlatform Versions
Arm
Arm7
Before 3.7
Auto Maskin
Dcu 210e
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Marine Pro Observer
All versions

Related CWEs

CWE-310
CWE-310
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.