Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials

🗓️ 26 Aug 2019 00:00:00Reported by Tim TepattiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 199 Views

ProGrade/Lierda Grill Temperature V1.00_50006 has hardcoded admin credentials, allowing attackers to cause Denial of Service and Information Disclosure via an undocumented access-point configuration page

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2019-15304
26 Aug 201912:35
cve
Cvelist		CVE-2019-15304
26 Aug 201912:35
cvelist
EUVD		EUVD-2019-6310
7 Oct 202500:30
euvd
NVD		CVE-2019-15304
26 Aug 201913:15
nvd
OSV		CVE-2019-15304
26 Aug 201913:15
osv
Prion		Default credentials
26 Aug 201913:15
prion
RedhatCVE		CVE-2019-15304
22 May 202510:20
redhatcve
`[Author:] Tim Tepatti  
[Website:] tepatti.com  
  
[Title:] Hard-coded credentials on ProGrade/Lierda Grill Temperature  
Monitor [CVE-2019-15304]  
  
[Product:] Grill Temperature Monitor  
[Manufacturer:] ProGrade / Lierda  
[Affected Version(s):] V1.00_50006  
[Tested Version(s):] V1.00_50006  
[Vulnerability Type:] Use of hard-coded credentials (CWE ID 798)  
[CVE Reference:] CVE-2019-15304  
  
  
[TL;DR:]  
  
ProGrade/Lierda Grill Temperature Monitor V1.00_50006 has a default  
password of admin for the admin account, which allows an attacker to  
cause a Denial of Service or Information Disclosure via the  
undocumented access-point configuration page located on the device.  
  
[Long Info:]  
  
ProGrade/Lierda Grill Temperature Monitor V1.00_50006 has a default  
password of admin for the admin account, which allows an attacker to  
cause a Denial of Service or Information Disclosure via the  
undocumented access-point configuration page located on the device.  
  
The access point configuration page is never made known to the end  
user - the user is never supposed to access it or change any of the  
options, and as such, the end user has no idea that an attacker could  
access this page. This is different than a normal access point or  
internet router where the administration page is required for setup  
and configuration, and the end user is made aware of the risk of  
default credentials. This makes the vulnerability more severe because  
the attack vector is something which the end user wasn't aware even  
operated on their device.  
  
Additionally, there were two vendors provided because Lierda is a  
wholesaler who actually created the device, and ProGrade simply  
re-branded the device for the American market. This way, both  
customers will be aware of the security vulnerabilities in the  
product.  
  
[Technical Info:]  
  
[Default Web Server IP:] 11.11.11.254  
[Default Web Server Port:] 80  
  
[Reference(s):] http://progradegrill.com/wifi-grilling-thermometer/  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Aug 2019 00:00Current
9.4High risk
Vulners AI Score9.4
EPSS0.01818
prograde/lierda grill temperaturehardcoded credentialsdenial of serviceinformation disclosuredefault passwordaccess point configurationsecurity vulnerabilities
199