CVE-2018-5402

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.kb.cert.org/vuls/id/176301 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-04
https://www.kb.cert.org/vuls/id/176301 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-04
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*
cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*
cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*
History

21 Nov 2024, 04:08

Type Values Removed Values Added
References () https://www.kb.cert.org/vuls/id/176301 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/176301 - Third Party Advisory, US Government Resource
References () https://www.us-cert.gov/ics/advisories/icsa-20-051-04 - () https://www.us-cert.gov/ics/advisories/icsa-20-051-04 -
CVSS v2 : 6.5
v3 : 8.8 		v2 : 6.5
v3 : 9.1
Information

Published : 2018-10-08 15:29

Updated : 2024-11-21 04:08

NVD link : CVE-2018-5402

Mitre link : CVE-2018-5402

CVE.ORG link : CVE-2018-5402

JSON object : View

Products Affected

auto-maskin

  • marine_pro_observer
  • dcu_210e
  • rp_210e_firmware
  • rp_210e
  • dcu_210e_firmware

arm

  • arm7
CWE
CWE-319

Cleartext Transmission of Sensitive Information

CWE-310

Cryptographic Issues


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024