Main Vulnerability Database SB2019070407

SB2019070407 - Hard-coded credentials in WolfVision Cynap

Published: July 4, 2019 Updated: July 15, 2019

Security Bulletin ID SB2019070407

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of hard-coded credentials (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain full access to vulnerable device.

The vulnerability exists due to the device uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. A remote attacker with knowledge of this static secret and corresponding algorithm for calculating support PINs can reset password of the administrator account and gain unauthorized access to the affected device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable device.

Remediation

Install update from vendor's website.

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt