CVE-2019-20457

CRITICAL Year: 2019
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-276
View all →

Vulnerability Description

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device.

Related Vulnerabilities

CVE-2021-31217

CRITICAL
CVSS:9.1(Critical)

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

CWE-2762021

CVE-2021-39635

CRITICAL
CVSS:9.1(Critical)

ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive info...

CWE-2762021

CVE-2021-40053

CRITICAL
CVSS:9.1(Critical)

There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.

CWE-2762021

CVE-2021-44140

CRITICAL
CVSS:9.1(Critical)

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable t...

CWE-2762021

CVE-2022-34737

CRITICAL
CVSS:9.1(Critical)

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

CWE-2762022

CVE-2023-33282

CRITICAL
CVSS:9.1(Critical)

Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to ...

CWE-2762023