Vulnerability Details : CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker, once authenticated, can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
Products affected by CVE-2018-5402
- cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-5402
0.13%: Probability of exploitation activity in the next 30 days
~ 30 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-5402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | CERT/CC | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2018-5402
- Assigned by: nvd@nist.gov (Primary)
- The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Assigned by: cret@cert.org (Secondary)
References for CVE-2018-5402
- https://www.us-cert.gov/ics/advisories/icsa-20-051-04
  Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) | CISA
- https://www.kb.cert.org/vuls/id/176301
  VU#176301 - Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App (Third Party Advisory; US Government Resource)