Vulnerabilities > Auto Maskin > RP 210E Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2019-6558 | Weak Password Requirements vulnerability in Auto-Maskin products In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. | 5.0 |
| 2018-10-08 | CVE-2018-5402 | Cryptographic Issues vulnerability in Auto-Maskin products The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. | 6.5 |
| 2018-10-08 | CVE-2018-5401 | Cleartext Transmission of Sensitive Information vulnerability in Auto-Maskin products The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 4.3 |
| 2018-10-08 | CVE-2018-5400 | Origin Validation Error vulnerability in Auto-Maskin DCU 210E Firmware and RP 210E Firmware The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. | 6.4 |
| 2018-10-08 | CVE-2018-5399 | Use of Hard-coded Credentials vulnerability in Auto-Maskin Dcu-210E Firmware and Rp-210E Firmware The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. | 10.0 |