Products
Swissphone DiCal-RED 4009
Source
cve@mitre.org
Tags
CVE-2024-36440 details
Published : Aug. 22, 2024, 3:15 p.m.
Last Modified : Aug. 22, 2024, 8:35 p.m.
Last Modified : Aug. 22, 2024, 8:35 p.m.
Description
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.8 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1393 | Use of Default Password | The product uses default passwords for potentially critical functionality. |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
6.8
Exploitability Score
1.6
Impact Score
5.2
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References
This website uses the NVD API, but is not approved or certified by it.