VYPR

DCU210E

by Auto-Maskin

CVEs (6)

  • CVE-2018-5399CriOct 8, 2018
    risk 0.61cvss 9.4epss 0.02

    The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured…

  • CVE-2018-5402CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and…

  • CVE-2018-5401CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…

  • CVE-2018-5400CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446…

  • CVE-2019-6558Mar 23, 2020
    risk 0.00cvss epss 0.01

    In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

  • CVE-2019-6560Mar 23, 2020
    risk 0.00cvss epss 0.01

    In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.