CWE-419
Unprotected Primary Channel
Base | Draft
Description
The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-383
CVEs mapped to this weakness (4)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50588 | Critical | 0.64 | 9.8 | 0.00 | | Nov 8, 2024 | An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM"). |
| CVE-2024-2414 | High | 0.57 | 8.8 | 0.00 | | Mar 13, 2024 | The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges. |
| CVE-2024-3051 | High | 0.49 | 7.5 | 0.00 | | Apr 26, 2024 | Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. |
| CVE-2024-39886 | Low | 0.24 | 3.7 | 0.00 | | Jul 10, 2024 | TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. |