23 matches found
EUVD-2019-7635
Malware in sbrugna...
V-Zug Combi-Steam MSLQ Memory Corruption Vulnerability
The V-Zug Combi-Steam MSLQ is an all-in-one microwave, oven, and steam machine unit from Swiss Swiss V-Zug. A security vulnerability exists in the V-Zug Combi-Steam MSLQ using firmware versions prior to Ethernet R07 and firmware versions prior to WLAN R05. An attacker could exploit the...
CVE-2019-17216
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...
CVE-2019-17219
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control...
CVE-2019-17216
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...
CVE-2019-17218
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service...
CVE-2019-17219
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control...
CVE-2019-17218
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service...
CVE-2019-17215
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection e.g., lockout established. An attacker might be able to bruteforce the password to authenticate on the device...
Default credentials
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...
Default configuration
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service...
Code injection
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection e.g., lockout established. An attacker might be able to bruteforce the password to authenticate on the device...
Cross site request forgery (csrf)
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service...
CVE-2019-17215
CVE-2019-17215 affects V-Zug Combi-Steam MSLQ devices prior to Ethernet R07 and WLAN R05. The root cause is the absence of bruteforce protection (e.g., account lockout), allowing an attacker to brute-force passwords to authenticate on the device. Documented impact is unauthorized access via passw...
CVE-2019-17215
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection e.g., lockout established. An attacker might be able to bruteforce the password to authenticate on the device...
CVE-2019-17216
CVE-2019-17216 affects the V-Zug Combi-Steam MSLQ family (before Ethernet R07 and WLAN R05). The root issue is that password authentication uses MD5 to hash passwords, which enables cracking with minimal effort. This leads to a high-severity, network-remote risk affecting authentication confident...
CVE-2019-17216
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...
CVE-2019-17217
CVE-2019-17217 concerns the V-Zug Combi-Steam MSLQ line. The connected documents confirm a CSRF vulnerability in the device’s web service present on firmware older than Ethernet R07 and WLAN R05. The issue arises from the web interface not properly protecting against CSRF, enabling an attacker to...
CVE-2019-17217
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service...
CVE-2019-17218
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service...