Vulnerabilities > CVE-2018-5402 - Cryptographic Issues vulnerability in Auto-Maskin products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

auto-maskin

arm

CWE-310

NVD

Published: 2018-10-08

Updated: 2019-10-09

Summary

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Vulnerable Configurations

Part	Description	Count
OS	Auto-Maskin Auto Maskin RP 210E Firmware - Auto Maskin DCU 210E Firmware -	2
Hardware	Arm ARM Arm7 *	1
Hardware	Auto-Maskin Auto Maskin RP 210E - Auto Maskin DCU 210E -	2
Application	Auto-Maskin Auto Maskin Marine PRO Observer -	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References