11 matches found
EUVD-2018-17169
Malware in sbrugna...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...
CVE-2018-5400
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
Code injection
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
CVE-2018-5402
CVE-2018-5402 concerns the Auto‑Maskin DCU 210E, RP‑210E, and Marine Pro Observer Android App where the embedded web server transmits the administrator PIN in cleartext. The vulnerability allows an authenticated attacker to change configurations, upload new configuration files, and upload executa...
CVE-2018-5401
CVE-2018-5401 affects Auto-Maskin DCU 210E, RP-210E and Marine Pro Observer Android App. The embedded systems transmit process control data in cleartext via unencrypted Modbus, allowing network-based observers to infer configurations, sensors in use, and related details. Affected: ARMv7 devices p...
CVE-2018-5399
CVE-2018-5399 affects Auto-Maskin DCU-210E RP-210E firmware (ARMv7) versions prior to 3.7. The firmware contains an undocumented Dropbear SSH server (v2015.55) listening on port 22 with hard-coded credentials (root / amroot) and password-only authentication, while an RSA host-key is present. This...
PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3
Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...