Main Vulnerability Database Vulnerabilities #VU82700

Use of hard-coded credentials in EasyBuilder Pro - CVE-2023-5777

Published: November 3, 2023

Vulnerability identifier: #VU82700

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-5777

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
EasyBuilder Pro

Software vendor:
Weintek

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05

Use of hard-coded credentials in EasyBuilder Pro - CVE-2023-5777

Description

Remediation

External links

Please verify you're human