Hardcoded credentials

2023-05-2302:15:00

PRIOn knowledge base

www.prio-n.com

solarview

hard-coded

credentials

security vulnerability

remote attacker

administrative privilege

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.

CPENameOperatorVersion
sv-cpt-mc310_firmwarelt8.10
sv-cpt-mc310f_firmwarelt8.10

CPE	Name	Operator	Version
	sv-cpt-mc310_firmware	lt	8.10
	sv-cpt-mc310f_firmware	lt	8.10

References

jvn.jp/en/vu/JVNVU92106300/

www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf

www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e