CWE-1392
Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CVE-2018-25147 (GCVE-0-2018-25147)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:25
VLAI?
Title
Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass
Summary
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
Severity ?
7.5 (High)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microhard Systems | Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials |
Affected:
IPn4G 1.1.0 build 1098
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25147",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:11:21.555246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:25:21.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials",
"vendor": "Microhard Systems",
"versions": [
{
"status": "affected",
"version": "IPn4G 1.1.0 build 1098"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:27:50.490Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45040",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45040"
},
{
"name": "Microhard Systems Product Homepage",
"tags": [
"product"
],
"url": "http://www.microhardcorp.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2018-5480)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php"
}
],
"title": "Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25147",
"datePublished": "2025-12-24T19:27:50.490Z",
"dateReserved": "2025-12-24T14:28:02.435Z",
"dateUpdated": "2025-12-24T20:25:21.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47707 (GCVE-0-2021-47707)
Vulnerability from cvelistv5 – Published: 2025-12-09 20:39 – Updated: 2025-12-10 15:41
VLAI?
Title
COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure
Summary
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
Severity ?
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| COMMAX Co., Ltd. | COMMAX CVD-Axx DVR |
Affected:
CVD-AH04 DVR 4.4.1
|
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47707",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:41:03.540626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:41:18.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "COMMAX CVD-Axx DVR",
"vendor": "COMMAX Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "CVD-AH04 DVR 4.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCOMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the \u0027passkey\u0027 parameter set to \u00271234\u0027, allowing them to access the web control panel.\u003c/p\u003e"
}
],
"value": "COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the \u0027passkey\u0027 parameter set to \u00271234\u0027, allowing them to access the web control panel."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:39:01.947Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50210",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50210"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.commax.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5667)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php"
},
{
"name": "VulnCheck Advisory: COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/commax-cvd-axx-dvr-weak-default-credentials-stream-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47707",
"datePublished": "2025-12-09T20:39:01.947Z",
"dateReserved": "2025-12-05T19:10:29.046Z",
"dateUpdated": "2025-12-10T15:41:18.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-30603 (GCVE-0-2023-30603)
Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-08 20:00
VLAI?
Title
Hitron Technologies Inc. CODA-5310 - Using default credentials
Summary
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
Severity ?
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hitron Technologies Inc. | Hitron CODA-5310 |
Affected:
v7.2.4.7.1b3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T19:59:04.742872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T20:00:45.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hitron CODA-5310",
"vendor": "Hitron Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "v7.2.4.7.1b3"
}
]
}
],
"datePublic": "2023-05-01T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service.\u003c/p\u003e"
}
],
"value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T03:47:30.952Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider.\u003c/p\u003e"
}
],
"value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
}
],
"source": {
"advisory": "TVN-202304004",
"discovery": "EXTERNAL"
},
"title": "Hitron Technologies Inc. CODA-5310 - Using default credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-30603",
"datePublished": "2023-06-02T00:00:00",
"dateReserved": "2023-04-13T00:00:00",
"dateUpdated": "2025-01-08T20:00:45.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30801 (GCVE-0-2023-30801)
Vulnerability from cvelistv5 – Published: 2023-10-10 13:46 – Updated: 2025-11-21 16:15
VLAI?
Title
qBittorrent Web UI Default Credentials Lead to RCE
Summary
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
Severity ?
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| qBittorrent | qBittorrent client |
Affected:
0 , ≤ 4.5.5
(1.2.6)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/qbittorrent/qBittorrent/issues/18731"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/qbittorrent-default-creds"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "qBittorrent client",
"vendor": "qBittorrent",
"versions": [
{
"lessThanOrEqual": "4.5.5",
"status": "affected",
"version": "0",
"versionType": "1.2.6"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.5.5",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\u003cbr\u003e"
}
],
"value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:15:48.956Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/qbittorrent/qBittorrent/issues/18731"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/qbittorrent-default-creds"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "qBittorrent Web UI Default Credentials Lead to RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30801",
"datePublished": "2023-10-10T13:46:46.775Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2025-11-21T16:15:48.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3703 (GCVE-0-2023-3703)
Vulnerability from cvelistv5 – Published: 2023-09-03 14:19 – Updated: 2024-09-30 20:46
VLAI?
Title
Proscend Advice ICR Series routers fw version 1.76
Summary
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
Severity ?
10 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Proscend Advice | ICR Series routers FW |
Affected:
version 1.76 , < Upgrade to fw version 2.24.
(custom)
|
Credits
Anonymous
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proscend:icr_series_routers_fw:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "icr_series_routers_fw",
"vendor": "proscend",
"versions": [
{
"lessThan": "2.24",
"status": "affected",
"version": "1.76",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T20:43:24.600191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T20:46:08.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICR Series routers FW",
"vendor": "Proscend Advice",
"versions": [
{
"lessThan": "Upgrade to fw version 2.24.",
"status": "affected",
"version": "version 1.76",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anonymous"
}
],
"datePublic": "2023-09-03T13:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProscend Advice ICR Series routers FW version 1.76\u003c/span\u003e\u0026nbsp;- CWE-1392: Use of Default Credentials\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\n\n\n\n\n\n\nProscend Advice ICR Series routers FW version 1.76\u00a0- CWE-1392: Use of Default Credentials"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T14:19:26.169Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to fw version 2.24.\u003c/span\u003e\n\n"
}
],
"value": "\nUpgrade to fw version 2.24.\n\n"
}
],
"source": {
"advisory": "ILVN-2023-0125",
"discovery": "UNKNOWN"
},
"title": "Proscend Advice ICR Series routers fw version 1.76",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2023-3703",
"datePublished": "2023-09-03T14:19:26.169Z",
"dateReserved": "2023-07-17T09:45:14.295Z",
"dateUpdated": "2024-09-30T20:46:08.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40704 (GCVE-0-2023-40704)
Vulnerability from cvelistv5 – Published: 2024-07-18 16:33 – Updated: 2025-08-27 20:32
VLAI?
Title
Philips Vue PACS Use of Default Credentials
Summary
The product does not require unique and complex passwords to be created
during installation. Using Philips's default password could jeopardize
the PACS system if the password was hacked or leaked. An attacker could
gain access to the database impacting system availability and data
integrity.
Severity ?
6.8 (Medium)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Credits
TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "vue_pacs",
"vendor": "philips",
"versions": [
{
"lessThan": "12.2.8.410",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T17:50:31.631061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:53.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Vue PACS",
"vendor": "Philips",
"versions": [
{
"lessThan": "12.2.8.410",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips."
}
],
"datePublic": "2024-07-18T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\nThe product does not require unique and complex passwords to be created \nduring installation. Using Philips\u0027s default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity.\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The product does not require unique and complex passwords to be created \nduring installation. Using Philips\u0027s default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:17:10.791Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
},
{
"url": "http://www.philips.com/productsecurity"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips recommends the following mitigations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor CVE-2021-28165, Philips recommends configuring the Vue PACS \nenvironment per D000763414 \u2013 Vue_PACS_12_Ports_Protocols_Services_Guide \navailable on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/Default.aspx?tabid=867\"\u003eIncenter\u003c/a\u003e. Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability.\u003c/li\u003e\n\u003cli\u003eFor CVE-2023-40704, Philips recommends no action needed due to low \nrisk of exploitability, but customers can request that Philips update \ndatabase password(s).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor managed services users, new releases will be made available upon \nresource availability. Releases are subject to country specific \nregulations. Users with questions regarding their specific Philips Vue \nPACS installations and new release eligibility should contact their \nlocal Philips sales representative or submit a request in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.informatics.support.philips.com/csm\"\u003ePhilips Informatics Support portal\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for more details.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips recommends the following mitigations:\n\n\n\n * For CVE-2021-28165, Philips recommends configuring the Vue PACS \nenvironment per D000763414 \u2013 Vue_PACS_12_Ports_Protocols_Services_Guide \navailable on Incenter https://incenter.medical.philips.com/Default.aspx . Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability.\n\n * For CVE-2023-40704, Philips recommends no action needed due to low \nrisk of exploitability, but customers can request that Philips update \ndatabase password(s).\n\n\n\n\nFor managed services users, new releases will be made available upon \nresource availability. Releases are subject to country specific \nregulations. Users with questions regarding their specific Philips Vue \nPACS installations and new release eligibility should contact their \nlocal Philips sales representative or submit a request in the Philips Informatics Support portal https://www.informatics.support.philips.com/csm .\n\n\nRefer to the Philips advisory https://www.philips.com/productsecurity for more details."
}
],
"source": {
"advisory": "ICSMA-24-200-01",
"discovery": "EXTERNAL"
},
"title": "Philips Vue PACS Use of Default Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-40704",
"datePublished": "2024-07-18T16:33:27.444Z",
"dateReserved": "2023-08-21T22:12:52.587Z",
"dateUpdated": "2025-08-27T20:32:53.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49621 (GCVE-0-2023-49621)
Vulnerability from cvelistv5 – Published: 2024-01-09 10:00 – Updated: 2025-06-17 20:39
VLAI?
Summary
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
Severity ?
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SIMATIC CN 4100 |
Affected:
All versions < V2.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T05:01:44.085293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:39:17.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V2.7). The \"intermediate installation\" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T10:00:11.770Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-49621",
"datePublished": "2024-01-09T10:00:11.770Z",
"dateReserved": "2023-11-28T10:01:06.679Z",
"dateUpdated": "2025-06-17T20:39:17.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10476 (GCVE-0-2024-10476)
Vulnerability from cvelistv5 – Published: 2024-12-17 15:16 – Updated: 2024-12-17 15:35
VLAI?
Summary
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics
Solution is only in scope of
this vulnerability when
installed on a NUC server. BD Synapsys™
Informatics Solution installed
on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is
not in scope.
Severity ?
CWE
- CWE-1392 - USE OF DEFAULT CREDENTIALS
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Becton Dickinson & Co | BD BACTEC™ Blood Culture System |
Affected:
0 , ≤ 7.20
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:35:29.382383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:35:43.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BD BACTEC\u2122 Blood Culture System",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "7.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "BD COR\u2122 System",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "BD EpiCenter\u2122 Microbiology Data Management System",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "7.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "BD MAX\u2122 System",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "BD Phoenix\u2122 M50 Automated Microbiology System",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "2.70",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "BD Synapsys\u2122 Informatics Solution",
"vendor": "Becton Dickinson \u0026 Co",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDefault credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope.\n\n\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 USE OF DEFAULT CREDENTIALS",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:16:44.982Z",
"orgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"shortName": "BD"
},
"references": [
{
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2325d071-eabf-4b7b-a4ea-0819b6629a18",
"assignerShortName": "BD",
"cveId": "CVE-2024-10476",
"datePublished": "2024-12-17T15:16:44.982Z",
"dateReserved": "2024-10-28T18:44:14.990Z",
"dateUpdated": "2024-12-17T15:35:43.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12013 (GCVE-0-2024-12013)
Vulnerability from cvelistv5 – Published: 2025-02-13 16:03 – Updated: 2025-02-13 16:53
VLAI?
Summary
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.
Severity ?
7.6 (High)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T16:53:11.220388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:53:17.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "130.8005",
"vendor": "Zettler",
"versions": [
{
"status": "affected",
"version": "12h",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."
}
],
"value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T16:03:02.948Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2024-12013",
"datePublished": "2025-02-13T16:03:02.948Z",
"dateReserved": "2024-12-02T10:29:14.254Z",
"dateUpdated": "2025-02-13T16:53:17.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12286 (GCVE-0-2024-12286)
Vulnerability from cvelistv5 – Published: 2024-12-10 17:40 – Updated: 2024-12-11 14:13
VLAI?
Title
MOBATIME Network Master Clock has a use of default credentials vulnerability
Summary
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
Severity ?
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MOBATIME | Network Master Clock - DTS 4801 |
Affected:
00020419.01.02020154
|
Credits
Mate Csorba and Zoltan Kato from DNV reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T14:12:56.145380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T14:13:07.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Network Master Clock - DTS 4801",
"vendor": "MOBATIME",
"versions": [
{
"status": "affected",
"version": "00020419.01.02020154"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mate Csorba and Zoltan Kato from DNV reported this vulnerability to CISA."
}
],
"datePublic": "2024-12-10T17:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.\u003c/span\u003e"
}
],
"value": "MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T17:40:02.566Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMOBATIME recommends users update to the latest firmware version from their \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.mobatime.com/resource/282/dts-4801-masterclock\"\u003ehomepage\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "MOBATIME recommends users update to the latest firmware version from their homepage https://www.mobatime.com/resource/282/dts-4801-masterclock ."
}
],
"source": {
"advisory": "ICSA-24-345-01",
"discovery": "EXTERNAL"
},
"title": "MOBATIME Network Master Clock has a use of default credentials vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-12286",
"datePublished": "2024-12-10T17:40:02.566Z",
"dateReserved": "2024-12-05T21:43:21.355Z",
"dateUpdated": "2024-12-11T14:13:07.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Requirements
Description:
- Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Phase: Architecture and Design
Description:
- Force the administrator to change the credential upon installation.
Mitigation
Phases: Installation, Operation
Description:
- The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.