CVE-2018-5402

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
References
Link Resource
https://www.kb.cert.org/vuls/id/176301 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-04
Configurations

Configuration 1

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

Information

Published : 2018-10-08 03:29

Updated : 2019-10-09 11:41


NVD link : CVE-2018-5402

Mitre link : CVE-2018-5402

Products Affected
CWE