#VU20343 Insufficiently protected credentials in Zebra products - CVE-2019-10960
Published: August 21, 2019 / Updated: August 21, 2019
Vulnerability identifier: #VU20343
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-10960
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
220Xi4
ZT200
ZT400
ZT510
ZT600
220Xi4
ZT200
ZT400
ZT510
ZT600
Software vendor:
Zebra
Zebra
Description
The vulnerability allows a remote attacker to access the front control panel passcode of the affected device.
The vulnerability exists due to insufficiently protected credentials in the affected device. A remote attacker can send a specially crafted packets to a port on the printer and retrieve a front control panel passcode.
Note: Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.