Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

harman

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

9
Related CVEsRelated ProductsRelated AssignersReports
9Vulnerabilities found
CVE-2019-19561
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:51
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2019-19557
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:49
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2019-19563
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:44
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CVE-2019-19560
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:41
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-19556
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:37
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CVE-2019-19562
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.07% / 21.80%
||
7 Day CHG~0.00%
Published-15 Nov, 2020 | 23:30
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.

Action-Not Available
Vendor-harmann/a
Product-hermesn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-11224
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-26.82% / 96.17%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 17:04
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.

Action-Not Available
Vendor-harmann/a
Product-amx_mvp5150amx_mvp5150_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-1984
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.08% / 88.10%
||
7 Day CHG~0.00%
Published-22 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.

Action-Not Available
Vendor-harmann/a
Product-amx_firmwaren/a
CVE-2015-8362
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.47% / 91.40%
||
7 Day CHG~0.00%
Published-22 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.

Action-Not Available
Vendor-harmann/a
Product-amx_firmwaren/a