VYPR
Unrated severityNVD Advisory· Published Aug 5, 2010· Updated Jun 16, 2026

CVE-2010-2966

CVE-2010-2966

Description

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Windriver/Vxworks6 versions
    cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*range: <=6.8
    • cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*
    • cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*
    • cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*
    • (no CPE)range: 6.x, 5.x, and earlier

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.