Vulnerabilities > Auto Maskin

DATE CVE VULNERABILITY TITLE RISK
2020-03-23 CVE-2019-6558 Weak Password Requirements vulnerability in Auto-Maskin products
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
network
low complexity
auto-maskin CWE-521
7.5
2020-03-23 CVE-2019-6560 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Auto-Maskin products
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
network
low complexity
auto-maskin CWE-640
critical
9.1
2018-10-08 CVE-2018-5402 Cryptographic Issues vulnerability in Auto-Maskin products
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates.
network
low complexity
auto-maskin CWE-310
8.8
2018-10-08 CVE-2018-5401 Cleartext Transmission of Sensitive Information vulnerability in Auto-Maskin products
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
network
high complexity
auto-maskin CWE-319
5.9
2018-10-08 CVE-2018-5400 Origin Validation Error vulnerability in Auto-Maskin DCU 210E Firmware and RP 210E Firmware
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices.
network
low complexity
auto-maskin CWE-346
critical
9.1
2018-10-08 CVE-2018-5399 Use of Hard-coded Credentials vulnerability in Auto-Maskin Dcu-210E Firmware and Rp-210E Firmware
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running.
network
low complexity
auto-maskin CWE-798
critical
9.8