Unrated severityNVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026

CVE-2010-2966

Description

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

Affected products

Windriver/Vxworks5 versions
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*range: <=6.8
- cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.metasploit.com/2010/08/vxworks-vulnerabilities.htmlnvdExploit
www.kb.cert.org/vuls/id/840249nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000