Vulnerabilities > CVE-2011-0423 - Credentials Management vulnerability in Polyvision Roomwizard and Roomwizard Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

polyvision

CWE-255

NVD

Published: 2011-01-12

Updated: 2017-08-17

Summary

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214.

Vulnerable Configurations

Part	Description	Count
Application	Polyvision Polyvision Roomwizard Firmware 3.2.3	1
Hardware	Polyvision Polyvision Roomwizard *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://osvdb.org/70388
http://packetstormsecurity.org/files/view/97291/roomwizard-disclose.txt
http://seclists.org/fulldisclosure/2011/Jan/58
http://www.kb.cert.org/vuls/id/870601
http://www.securityfocus.com/bid/45699
http://www.vupen.com/english/advisories/2011/0059
https://exchange.xforce.ibmcloud.com/vulnerabilities/64543
https://exchange.xforce.ibmcloud.com/vulnerabilities/64642