Vulnerabilities > CVE-2012-6428 - Credentials Management vulnerability in Carlosgavazzi products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
carlosgavazzi
CWE-255
critical
NVD
Published: 2012-12-23
Updated: 2013-01-08

Summary

Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.

Vulnerable Configurations

Part Description Count
OS
Carlosgavazzi
1
Hardware
Carlosgavazzi
1

Common Weakness Enumeration (CWE)

References