How severe is CVE-2020-12012?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2020-12012?

This is classified as CWE-259, which is a common weakness in software security.

CVE-2020-12012

MEDIUM Year: 2020

CVSS v3 Score

6.1

Medium

CVSS v2 Score

3.6

Low

Weakness Type

CWE-259

View all →

Vulnerability Description

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.

CVE-2021-27254

MEDIUM

CVSS:6.3(Medium)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific fla...

CWE-2592021

CVE-2023-51629

MEDIUM

CVSS:6.3(Medium)

D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300L...

CWE-2592023

CVE-2022-26388

MEDIUM

CVSS:6.4(Medium)

A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardi...

CWE-2592022

CVE-2024-28023

MEDIUM

CVSS:5.7(Medium)

A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive info...

CWE-2592024

CVE-2024-27774

MEDIUM

CVSS:6.5(Medium)

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

CWE-2592024

CVE-2024-46959

MEDIUM

CVSS:6.5(Medium)

runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio...

CWE-2592024

CVE-2020-12012

Vulnerability Description

Related Vulnerabilities

CVE-2021-27254

CVE-2023-51629

CVE-2022-26388

CVE-2024-28023

CVE-2024-27774

CVE-2024-46959