CVE-2023-33920

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.

Related Vulnerabilities

CVE-2018-12323

MEDIUM
CVSS:6.8(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at th...

CWE-7982018

CVE-2018-17767

MEDIUM
CVSS:6.8(Medium)

Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.

CWE-7982018

CVE-2018-9149

MEDIUM
CVSS:6.8(Medium)

The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device,...

CWE-7982018

CVE-2019-10688

MEDIUM
CVSS:6.8(Medium)

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between...

CWE-7982019

CVE-2019-3983

MEDIUM
CVSS:6.8(Medium)

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.

CWE-7982019

CVE-2019-4675

MEDIUM
CVSS:6.8(Medium)

IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compo...

CWE-7982019