Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-41612

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Sep, 2024 | 00:00
Updated At-20 Sep, 2024 | 14:03
Rejected At-
Credits

Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Sep, 2024 | 00:00
Updated At:20 Sep, 2024 | 14:03
Rejected At:
â–¼CVE Numbering Authority (CNA)

Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.trevorkems.com/operation-big-brother-iot-camera/
N/A
Hyperlink: https://www.trevorkems.com/operation-big-brother-iot-camera/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
victure
Product
pc420_firmware
CPEs
  • cpe:2.3:a:victure:pc420_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.1.39
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Sep, 2024 | 18:15
Updated At:14 Apr, 2025 | 15:09

Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
govicture
govicture
>>pc420_firmware>>1.1.39
cpe:2.3:o:govicture:pc420_firmware:1.1.39:*:*:*:*:*:*:*
govicture
govicture
>>pc420>>-
cpe:2.3:h:govicture:pc420:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-798
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.trevorkems.com/operation-big-brother-iot-camera/cve@mitre.org
Third Party Advisory
Hyperlink: https://www.trevorkems.com/operation-big-brother-iot-camera/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2021-32454
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.6||CRITICAL
EPSS-0.09% / 25.05%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:36
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SITEL CAP/PRX hardcoded credentials

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access.

Action-Not Available
Vendor-sitel-saSITEL
Product-remote_cap\/prxremote_cap\/prx_firmwareCAP/PRX
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-32993
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.03% / 9.41%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Action-Not Available
Vendor-Philips
Product-intellibridge_ec80intellibridge_ec40intellibridge_ec40_firmwareintellibridge_ec80_firmwareIntelliBridge EC 40 HubIntelliBridge EC 80 Hub
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27254
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 20:00
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-br500_firmwarerbk12rbk43sbr500ex6150v2_firmwarer8900_firmwarerbr40_firmwarerbk23_firmwarerbk14_firmwarerbk15_firmwareex6410ex6420_firmwareex7300v2_firmwarebr200_firmwareex6250_firmwarerbk53_firmwarexr500_firmwarexr700_firmwarerbk15xr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rbs10_firmwarerbk43_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6400v2ex6100v2ex7700_firmwarer7800rbk23rbs10r7800_firmwareex6100v2_firmwarerbk20_firmwarexr450xr700ex6400rbk43s_firmwarerbk20ex6400_firmwarerbk14ex7300_firmwarerbk44_firmwarerbs20_firmwarebr200d7800rbk44ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerbk13xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwarerbk43ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700rbk13_firmwarelbr20rbr20_firmwareex7320rbk50rbk53lbr20_firmwarerbk50_firmwareR7800
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-51629
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.19%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:15
Updated-25 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.

Action-Not Available
Vendor-D-Link Corporation
Product-dcs-8300lhv2dcs-8300lhv2_firmwareDCS-8300LHV2DCS-8300LHV2
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-46102
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.03%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 14:19
Updated-11 Sep, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.

Action-Not Available
Vendor-Bosch Rexroth AG
Product-ctrlx_hmi_web_panel_wr2107ctrlx_hmi_web_panel_wr2115_firmwarectrlx_hmi_web_panel_wr2107_firmwarectrlx_hmi_web_panel_wr2110ctrlx_hmi_web_panel_wr2115ctrlx_hmi_web_panel_wr2110_firmwarectrlX HMI Web Panel - WR21 (WR2110)ctrlX HMI Web Panel - WR21 (WR2115)ctrlX HMI Web Panel - WR21 (WR2107)ctrl_hmi_web_panel-wr21_\(wr2107\)ctrl_hmi_web_panel-wr21_\(wr2115\)ctrl_hmi_web_panel-wr21_\(wr2110\)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-4017
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 15:21
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.

Action-Not Available
Vendor-anker-inn/a
Product-roav_dashcam_a1_firmwareroav_dashcam_a1Anker
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • Next
Details not found