#VU21104 Use of Hard-coded Password in Philips products - CVE-2019-13530
Published: September 13, 2019
Vulnerability identifier: #VU21104
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-13530
CWE-ID: CWE-259
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
IntelliVue MX600
IntelliVue MX700
IntelliVue MX800
IntelliVue MPX2
IntelliVue MP2
IntelliVue MP5SC
IntelliVue MP5
IntelliVue MP90
IntelliVue MP80
IntelliVue MP70
IntelliVue MP60
IntelliVue MP50
IntelliVue MP40
IntelliVue MP30
IntelliVue MP20
Software vendor:
Philips
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. A remote attacker can use these credentials to log in via FTP and upload malicious firmware.
Remediation
This vulnerability was fixed only in the WLAN Version C.