CVE-2018-5402

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
References
Link Resource
https://www.kb.cert.org/vuls/id/176301 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-04
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

Information

Published : 2018-10-08 08:29

Updated : 2019-10-09 16:41


NVD link : CVE-2018-5402

Mitre link : CVE-2018-5402


JSON object : View

CWE
CWE-310

Cryptographic Issues

Advertisement

dedicated server usa

Products Affected

auto-maskin

  • dcu_210e
  • marine_pro_observer
  • dcu_210e_firmware
  • rp_210e_firmware
  • rp_210e

arm

  • arm7