CWE-656
Reliance on Security Through Obscurity
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
CVE-2020-10277 (GCVE-0-2020-10277)
Vulnerability from cvelistv5
Published: 2020-06-24 04:55
Modified: 2024-09-17 02:27
Summary
There is no mechanism in place to prevent a bad operator from booting from a live OS image. This can lead to extraction of sensitive files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
Impacted products
Vendor | Product | Version
---|---|---
Mobile Industrial Robots A/S | MiR100 | v2.8.1.1 and before
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:39.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aliasrobotics/RVD/issues/2562" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MiR100", "vendor": "Mobile Industrial Robots A/S", "versions": [ { "status": "affected", "version": "v2.8.1.1 and before" } ] } ], "credits": [ { "lang": "en", "value": "Lander Usategui, Alfonso Glera (Alias Robotics)" } ], "datePublic": "2020-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-24T04:55:17", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aliasrobotics/RVD/issues/2562" } ], "source": { "defect": [ "RVD#2562" ], "discovery": "EXTERNAL" }, "title": "RVD#2562: Booting from a live image leads to exfiltration of sensible information and privilege escalation", "x_generator": { "engine": "Robot Vulnerability Database (RVD)" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"cve@aliasrobotics.com", "DATE_PUBLIC": "2020-06-24T04:53:02 +00:00", "ID": "CVE-2020-10277", "STATE": "PUBLIC", "TITLE": "RVD#2562: Booting from a live image leads to exfiltration of sensible information and privilege escalation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MiR100", "version": { "version_data": [ { "version_value": "v2.8.1.1 and before" } ] } } ] }, "vendor_name": "Mobile Industrial Robots A/S" } ] } }, "credit": [ { "lang": "eng", "value": "Lander Usategui, Alfonso Glera (Alias Robotics)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine." } ] }, "generator": { "engine": "Robot Vulnerability Database (RVD)" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "medium", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-656" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aliasrobotics/RVD/issues/2562", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/2562" } ] }, "source": { "defect": [ "RVD#2562" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10277", "datePublished": "2020-06-24T04:55:17.409872Z", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": 
"2024-09-17T02:27:32.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10284 (GCVE-0-2020-10284)
Vulnerability from cvelistv5
Published: 2020-07-15 19:25
Modified: 2024-09-16 23:21
Summary
No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarm_studio 1.3.0 the option is missing from the menu. This allows assuming manual control, even by forcefully removing the current operator from an active session.
Impacted products
Vendor | Product | Version
---|---|---
uFactory | xArm5 Lite, xArm 6 and xArm 7 | v1.5.0 and before
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:40.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ufactory.cc/#/en/support/download/xarm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xArm5 Lite, xArm 6 and xArm 7", "vendor": "uFactory", "versions": [ { "status": "affected", "version": "v1.5.0 and before" } ] } ], "credits": [ { "lang": "en", "value": "Alfonso Glera (Alias Robotics)" } ], "datePublic": "2020-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T19:25:13", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ufactory.cc/#/en/support/download/xarm" } ], "source": { "defect": [ "RVD#3321" ], "discovery": "EXTERNAL" }, "title": "RVD#3321: No Authentication required to exert manual control of the robot", "x_generator": { "engine": "Robot Vulnerability Database (RVD)" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-07-15T19:16:14 +00:00", "ID": "CVE-2020-10284", "STATE": "PUBLIC", "TITLE": "RVD#3321: No Authentication required to exert manual control of the robot" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xArm5 Lite, xArm 6 and xArm 7", "version": { "version_data": [ { "version_value": "v1.5.0 and before" } ] } } ] }, "vendor_name": "uFactory" } ] } }, "credit": [ { "lang": "eng", "value": "Alfonso Glera (Alias Robotics)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. 
Assuming manual control, even by forcefully removing the current operator from an active session." } ] }, "generator": { "engine": "Robot Vulnerability Database (RVD)" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "critical", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-656" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ufactory.cc/#/en/support/download/xarm", "refsource": "CONFIRM", "url": "https://www.ufactory.cc/#/en/support/download/xarm" } ] }, "source": { "defect": [ "RVD#3321" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10284", "datePublished": "2020-07-15T19:25:13.961653Z", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2024-09-16T23:21:30.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10286 (GCVE-0-2020-10286)
Vulnerability from cvelistv5
Published: 2020-07-15 21:15
Modified: 2024-09-17 00:22
Summary
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files, encryption, or the ability to issue orders that disrupt robot operation.
Impacted products
Vendor | Product | Version
---|---|---
uFactory | xArm 5 Lite, xArm 6 and xArm 7 | v1.5.0 and before
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:40.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aliasrobotics/RVD/issues/3323" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xArm 5 Lite, xArm 6 and xArm 7", "vendor": "uFactory", "versions": [ { "status": "affected", "version": "v1.5.0 and before" } ] } ], "credits": [ { "lang": "en", "value": "Alfonso Glera (Alias Robotics)" } ], "datePublic": "2020-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T21:15:13", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aliasrobotics/RVD/issues/3323" } ], "source": { "defect": [ "RVD#3323" ], "discovery": "EXTERNAL" }, "title": "RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS", "x_generator": { "engine": "Robot Vulnerability Database (RVD)" }, "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-07-15T21:09:30 +00:00", "ID": "CVE-2020-10286", "STATE": "PUBLIC", "TITLE": "RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xArm 5 Lite, xArm 6 and xArm 7", "version": { "version_data": [ { "version_value": "v1.5.0 and before" } ] } } ] }, "vendor_name": "uFactory" } ] } }, "credit": [ { "lang": "eng", "value": "Alfonso Glera (Alias Robotics)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation." } ] }, "generator": { "engine": "Robot Vulnerability Database (RVD)" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "critical", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-656" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aliasrobotics/RVD/issues/3323", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/3323" } ] }, "source": { "defect": [ "RVD#3323" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10286", "datePublished": "2020-07-15T21:15:13.859317Z", "dateReserved": 
"2020-03-10T00:00:00", "dateUpdated": "2024-09-17T00:22:04.212Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12297 (GCVE-0-2024-12297)
Vulnerability from cvelistv5
Published: 2025-01-15 10:00
Modified: 2025-03-06 08:27
CWE
- CWE-656 - Reliance on Security Through Obscurity
Summary
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Impacted products
Vendor | Product | Version
---|---|---
Moxa | EDS-508A Series | 1.0 <
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12297", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-15T14:49:11.063174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-15T14:49:22.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EDS-508A Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.11", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-508 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.8", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-510 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.8", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-7528 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.0", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-7728 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-7828 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "4.0", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-G503 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.3", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-G510 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "6.5", "status": 
"affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-G7728 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "6.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "PT-G7828 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "6.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Artem Turyshev from Rosatom Automated Control Systems Joint-Stock Company" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.\u003cbr\u003e" } ], "value": "Moxa\u2019s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device." 
} ], "impacts": [ { "capecId": "CAPEC-49", "descriptions": [ { "lang": "en", "value": "CAPEC-49: Password Brute Forcing" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656: Reliance on Security Through Obscurity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-06T08:27:52.297Z", "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series" }, { "tags": [ "vendor-advisory" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMoxa has released appropriate solutions to address vulnerability. 
The solutions for the affected products are listed below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eEDS-508A Series: Please contact Moxa Technical Support for the security patch\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ePT Series:\u0026nbsp;Please contact Moxa Technical Support for the security patch\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Moxa has released appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n * EDS-508A Series: Please contact Moxa Technical Support for the security patch\n\n\n * PT Series:\u00a0Please contact Moxa Technical Support for the security patch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Frontend Authorization Logic Disclosure Vulnerability", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks. \u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e" } ], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers. \n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks." 
} ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "assignerShortName": "Moxa", "cveId": "CVE-2024-12297", "datePublished": "2025-01-15T10:00:46.524Z", "dateReserved": "2024-12-06T04:02:40.742Z", "dateUpdated": "2025-03-06T08:27:52.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-5244 (GCVE-0-2024-5244)
Vulnerability from cvelistv5
Published: 2024-05-23 21:56
Modified: 2024-08-01 21:03
CWE
- CWE-656 - Reliance on Security Through Obscurity
Summary
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.
Impacted products
Vendor | Product | Version
---|---|---
TP-Link | Omada ER605 | 2.6_2.2.2 Build 20231017
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "omada_er605", "vendor": "tp_link", "versions": [ { "status": "affected", "version": "2.6_2.2.2_build_20231017" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5244", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T14:24:30.959171Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:02:14.698Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:03:11.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-24-503", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Omada ER605", "vendor": "TP-Link", "versions": [ { "status": "affected", "version": "2.6_2.2.2 Build 20231017" } ] } ], "dateAssigned": "2024-05-22T16:00:10.545-05:00", "datePublic": "2024-05-23T08:57:28.179-05:00", "descriptions": [ { "lang": "en", "value": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. 
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439." } ], "metrics": [ { "cvssV3_0": { "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656: Reliance on Security Through Obscurity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-23T21:56:08.846Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-503", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/" } ], "source": { "lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov" }, "title": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2024-5244", "datePublished": "2024-05-23T21:56:08.846Z", "dateReserved": "2024-05-22T21:00:10.520Z", "dateUpdated": "2024-08-01T21:03:11.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-9138 (GCVE-0-2024-9138)
Vulnerability from cvelistv5
Published: 2025-01-03 08:14
Modified: 2025-01-03 14:32
Severity
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-656 - Reliance on Security Through Obscurity
Summary
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
Impacted products
Vendor | Product | Version
---|---|---
Moxa | EDR-810 Series | 1.0 <
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9138", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-03T14:32:27.077189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-03T14:32:35.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EDR-810 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.12.37", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G902 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.7.25", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G903 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.7.25", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9004 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [ { 
"lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.13", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lars Haulin" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMoxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.\u003c/p\u003e" } ], "value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk." 
} ], "impacts": [ { "capecId": "CAPEC-37", "descriptions": [ { "lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656: Reliance on Security Through Obscurity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-03T08:14:31.588Z", "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": 
"text/html", "value": "\u003cp\u003eMoxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eEDR-810 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u0026nbsp;or later\u003c/li\u003e\u003cli\u003eEDR-8010 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G902 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G903 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9004 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or 
later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9010 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDF-G1002-BP Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eNAT-102 Series: An official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.\u003c/li\u003e\u003cli\u003eOnCell G4302-LTE4 Series: Please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\"\u003eMoxa Technical Support\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;for the security patch\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTN-4900 Series:\u0026nbsp;Please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\"\u003eMoxa Technical Support\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;for the security patch\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Moxa has developed appropriate solutions to address vulnerability. 
The solutions for the affected products are listed below.\n\n\n\n * EDR-810 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \u00a0or later\n * EDR-8010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources \u00a0or later\n * EDR-G902 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources \u00a0or later\n * EDR-G903 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \u00a0or later\n * EDR-G9004 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources \u00a0or later\n * EDR-G9010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \u00a0or later\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources \u00a0or later\n * NAT-102 Series: An official patch or firmware update is not currently available for this product. 
Please refer to the Mitigations section below for recommended measures to address the vulnerability.\n * OnCell G4302-LTE4 Series: Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch\n * TN-4900 Series:\u00a0Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch" } ], "source": { "discovery": "EXTERNAL" }, "title": "Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eLimit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n\n\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n\n\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks." 
} ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "assignerShortName": "Moxa", "cveId": "CVE-2024-9138", "datePublished": "2025-01-03T08:14:31.588Z", "dateReserved": "2024-09-24T07:11:41.549Z", "dateUpdated": "2025-01-03T14:32:35.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-41652 (GCVE-0-2025-41652)
Vulnerability from cvelistv5
Published
2025-05-27 08:38
Modified
2025-05-27 13:17
CWE
- CWE-656 - Reliance on Security Through Obscurity
Summary
The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.
References
Impacted products
Vendor | Product | Version
---|---|---
Weidmueller | IE-SW-VL05M-5TX | Version: 0.0.0 ≤
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41652", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-27T13:14:16.971895Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-27T13:17:16.639Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "IE-SW-VL05M-5TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.6.32", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL05MT-5TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.6.32", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL08MT-8TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.6.32", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL08MT-5TX-1SC-2SCS", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2SC", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2ST", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-VL08MT-6TX-2SCS", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.5.36", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL10M-3GT-7TX", 
"vendor": "Weidmueller", "versions": [ { "lessThan": "3.3.34", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL10MT-3GT-7TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.3.34", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL16M-16TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.4.32", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL16MT-16TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.4.32", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL18M-2GC-16TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.4.40", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "IE-SW-PL18MT-2GC-16TX", "vendor": "Weidmueller", "versions": [ { "lessThan": "3.4.40", "status": "affected", "version": "0.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device." } ], "value": "The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656 Reliance on Security Through Obscurity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-27T08:38:12.340Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://certvde.com/en/advisories/VDE-2025-044/" } ], "source": { "advisory": "VDE-2025-044", "defect": [ "CERT@VDE#641785" ], "discovery": "UNKNOWN" }, "title": "Weidmueller: Authentication Bypass Vulnerability in Industrial Ethernet Switches", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2025-41652", "datePublished": "2025-05-27T08:38:12.340Z", "dateReserved": "2025-04-16T11:17:48.305Z", "dateUpdated": "2025-05-27T13:17:16.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-7020 (GCVE-0-2025-7020)
Vulnerability from cvelistv5
Published
2025-08-09 12:42
Modified
2025-08-11 15:54
CWE
- CWE-656 - Incorrect Encryption Implementation
Summary
An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data.
This vulnerability was introduced in a patch intended to fix CVE-2024-54728.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-7020", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-11T15:54:29.496185Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-11T15:54:36.036Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Multimedia Unit", "IVI", "filesystem", "log dump" ], "platforms": [ "Dilink 3.0" ], "product": "DiLink OS", "vendor": "BYD", "versions": [ { "status": "affected", "version": "13.1.32.2307211.1" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lior Zur Lotan (PlaxidityX)" } ], "datePublic": "2025-08-09T12:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn incorrect encryption implementation vulnerability exists in the system log dump feature of BYD\u0027s DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit\u0027s storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data.\u003c/p\u003e\u003cp\u003eThis vulnerability was introduced in a patch intended to fix CVE-2024-54728.\u003c/p\u003e" } ], "value": "An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD\u0027s DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit\u0027s storage. 
This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data.\n\nThis vulnerability was introduced in a patch intended to fix CVE-2024-54728." } ], "impacts": [ { "capecId": "CAPEC-37", "descriptions": [ { "lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/V:D/RE:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-656", "description": "CWE-656: Incorrect Encryption Implementation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-09T12:42:29.150Z", "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://asrg.io/security-advisories/cve-2025-7020/" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "It is recommended to review and correct the encryption implementation used for system log dumps, ensuring the use of secure key management and proper encryption algorithm implementation practices." 
} ], "value": "It is recommended to review and correct the encryption implementation used for system log dumps, ensuring the use of secure key management and proper encryption algorithm implementation practices." } ], "source": { "discovery": "EXTERNAL" }, "title": "BYD DiLink OS Incorrect encryption Implementation of system log dumps", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "assignerShortName": "ASRG", "cveId": "CVE-2025-7020", "datePublished": "2025-08-09T12:42:29.150Z", "dateReserved": "2025-07-02T12:24:26.302Z", "dateUpdated": "2025-08-11T15:54:36.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others.
Mitigation
Phase: Architecture and Design
Description:
- When available, use publicly vetted algorithms and procedures, as these are more likely to undergo extensive security analysis and testing. This is especially the case with encryption and authentication.
No CAPEC attack patterns related to this CWE.