Common Weakness Enumeration

CWE-259

Allowed

Use of Hard-coded Password

Abstraction: Variant · Status: Draft

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

315 vulnerabilities reference this CWE, most recent first.

CVE-2024-33625 (GCVE-0-2024-33625)

Vulnerability from cvelistv5 – Published: 2024-05-15 19:19 – Updated: 2024-08-02 02:36
VLAI
Title
CyberPower PowerPanel business Use of Hard-coded Password
Summary
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
CyberPower PowerPanel business Affected: 0 , < 4.9.0 (custom)
Create a notification for this product.
cyberpower powerpanel_business Affected: 0 , < 4.9.0 (custom)
    cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "powerpanel_business",
            "vendor": "cyberpower",
            "versions": [
              {
                "lessThan": "4.9.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33625",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T18:45:00.332821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:30.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:36:04.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerPanel business",
          "vendor": "CyberPower",
          "versions": [
            {
              "lessThan": "4.9.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nCyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication.\n\n"
            }
          ],
          "value": "CyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T19:19:53.960Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
        },
        {
          "url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003eCyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\"\u003ehttps://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
        }
      ],
      "source": {
        "advisory": "ICSA-24-123-01",
        "discovery": "EXTERNAL"
      },
      "title": "CyberPower PowerPanel business Use of Hard-coded Password",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-33625",
    "datePublished": "2024-05-15T19:19:53.960Z",
    "dateReserved": "2024-04-29T16:47:22.341Z",
    "dateUpdated": "2024-08-02T02:36:04.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32741 (GCVE-0-2024-32741)

Vulnerability from cvelistv5 – Published: 2024-05-14 10:02 – Updated: 2024-08-02 02:20
VLAI
Summary
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC CN 4100 Affected: 0 , < V3.0 (custom)
Create a notification for this product.
siemens simatic_cn_4100 Affected: 0 , < 3.0 (custom)
    cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "simatic_cn_4100",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T12:45:45.741161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T17:34:22.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:34.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CN 4100",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T07:24:35.739Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-32741",
    "datePublished": "2024-05-14T10:02:48.224Z",
    "dateReserved": "2024-04-17T12:35:40.942Z",
    "dateUpdated": "2024-08-02T02:20:34.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29011 (GCVE-0-2024-29011)

Vulnerability from cvelistv5 – Published: 2024-05-01 18:19 – Updated: 2025-12-16 18:13
VLAI
Summary
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
SonicWall GMS Affected: 9.3.4 and earlier versions
Create a notification for this product.
sonicwall global_management_system Affected: - , ≤ 9.3.4 (custom)
    cpe:2.3:a:sonicwall:global_management_system:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-01 17:57
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sonicwall:global_management_system:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_management_system",
            "vendor": "sonicwall",
            "versions": [
              {
                "lessThanOrEqual": "9.3.4",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T04:00:12.242592Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:13:23.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GMS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.4 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2024-05-01T17:57:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability.\u003cbr\u003e\u003cbr\u003eThis issue affects GMS: 9.3.4 and earlier versions.\u003cbr\u003e"
            }
          ],
          "value": "Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability.\n\nThis issue affects GMS: 9.3.4 and earlier versions.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:19:46.896Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007"
        }
      ],
      "source": {
        "advisory": "SNWLID-2024-0007",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-29011",
    "datePublished": "2024-05-01T18:19:46.896Z",
    "dateReserved": "2024-03-14T03:29:41.180Z",
    "dateUpdated": "2025-12-16T18:13:23.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-28023 (GCVE-0-2024-28023)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:55 – Updated: 2024-08-02 00:48
VLAI
Summary
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
Affected: FOXMAN-UN R15B PC4
Unaffected: FOXMAN-UN R15B PC5
Create a notification for this product.
Hitachi Energy UNEM Affected: UNEM R16B PC2
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
Affected: UNEM R15B PC4
Unaffected: UNEM R15B PC4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T15:40:34.740767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T15:15:53.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:47.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4"
            },
            {
              "status": "unaffected",
              "version": "UNEM R15B PC4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.\n\n\n"
            }
          ],
          "value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:05:56.127Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-28023",
    "datePublished": "2024-06-11T13:55:56.127Z",
    "dateReserved": "2024-02-29T13:42:00.746Z",
    "dateUpdated": "2024-08-02T00:48:47.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28010 (GCVE-0-2024-28010)

Vulnerability from cvelistv5 – Published: 2024-03-28 00:54 – Updated: 2025-01-14 03:54
VLAI
Summary
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
NEC
Impacted products
Vendor Product Version
NEC Corporation WG1800HP4 Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HS3 Affected: all versions
Create a notification for this product.
NEC Corporation WG1900HP2 Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HP3 Affected: all versions
Create a notification for this product.
NEC Corporation WG1800HP3 Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HS2 Affected: all versions
Create a notification for this product.
NEC Corporation WG1900HP Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HP2 Affected: all versions
Create a notification for this product.
NEC Corporation W1200EX(-MS) Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HS Affected: all versions
Create a notification for this product.
NEC Corporation WG1200HP Affected: all versions
Create a notification for this product.
NEC Corporation WF300HP2 Affected: all versions
Create a notification for this product.
NEC Corporation W300P Affected: all versions
Create a notification for this product.
NEC Corporation WF800HP Affected: all versions
Create a notification for this product.
NEC Corporation WR8165N Affected: all versions
Create a notification for this product.
NEC Corporation WG2200HP Affected: all versions
Create a notification for this product.
NEC Corporation WF1200HP2 Affected: all versions
Create a notification for this product.
NEC Corporation WG1800HP2 Affected: all versions
Create a notification for this product.
NEC Corporation WF1200HP Affected: all versions
Create a notification for this product.
NEC Corporation WG600HP Affected: all versions
Create a notification for this product.
NEC Corporation WG300HP Affected: all versions
Create a notification for this product.
NEC Corporation WF300HP Affected: all versions
Create a notification for this product.
NEC Corporation WG1800HP Affected: all versions
Create a notification for this product.
NEC Corporation WG1400HP Affected: all versions
Create a notification for this product.
NEC Corporation WR8175N Affected: all versions
Create a notification for this product.
NEC Corporation WR9300N Affected: all versions
Create a notification for this product.
NEC Corporation WR8750N Affected: all versions
Create a notification for this product.
NEC Corporation WR8160N Affected: all versions
Create a notification for this product.
NEC Corporation WR9500N Affected: all versions
Create a notification for this product.
NEC Corporation WR8600N Affected: all versions
Create a notification for this product.
NEC Corporation WR8370N Affected: all versions
Create a notification for this product.
NEC Corporation WR8170N Affected: all versions
Create a notification for this product.
NEC Corporation WR8700N Affected: all versions
Create a notification for this product.
NEC Corporation WR8300N Affected: all versions
Create a notification for this product.
NEC Corporation WR8150N Affected: all versions
Create a notification for this product.
NEC Corporation WR4100N Affected: all versions
Create a notification for this product.
NEC Corporation WR4500N Affected: all versions
Create a notification for this product.
NEC Corporation WR8100N Affected: all versions
Create a notification for this product.
NEC Corporation WR8500N Affected: all versions
Create a notification for this product.
NEC Corporation CR2500P Affected: all versions
Create a notification for this product.
NEC Corporation WR8400N Affected: all versions
Create a notification for this product.
NEC Corporation WR8200N Affected: all versions
Create a notification for this product.
NEC Corporation WR1200H Affected: all versions
Create a notification for this product.
NEC Corporation WR7870S Affected: all versions
Create a notification for this product.
NEC Corporation WR6670S Affected: all versions
Create a notification for this product.
NEC Corporation WR7850S Affected: all versions
Create a notification for this product.
NEC Corporation WR6650S Affected: all versions
Create a notification for this product.
NEC Corporation WR6600H Affected: all versions
Create a notification for this product.
NEC Corporation WR7800H Affected: all versions
Create a notification for this product.
NEC Corporation WM3400RN Affected: all versions
Create a notification for this product.
NEC Corporation WM3450RN Affected: all versions
Create a notification for this product.
NEC Corporation WM3500R Affected: all versions
Create a notification for this product.
NEC Corporation WM3600R Affected: all versions
Create a notification for this product.
NEC Corporation WM3800R Affected: all versions
Create a notification for this product.
NEC Corporation WR8166N Affected: all versions
Create a notification for this product.
NEC Corporation MR01LN Affected: all versions
Create a notification for this product.
NEC Corporation MR02LN Affected: all versions
Create a notification for this product.
NEC Corporation WG1810HP(JE) Affected: all versions
Create a notification for this product.
NEC Corporation WG1810HP(MF) Affected: all versions
Create a notification for this product.
nec aterm_wg1800hp4_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Katsuhiko Sato and Ryo Kashiro of 00One, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "aterm_wg1800hp4_firmware",
            "vendor": "nec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T15:51:40.488406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T16:40:00.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:48:47.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "WG1800HP4",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HS3",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1900HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HP3",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1800HP3",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HS2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1900HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "W1200EX(-MS)",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HS",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1200HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WF300HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "W300P",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WF800HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8165N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG2200HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WF1200HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1800HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WF1200HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG600HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG300HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WF300HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1800HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1400HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8175N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR9300N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8750N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8160N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR9500N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8600N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8370N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8170N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8700N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8300N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8150N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR4100N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR4500N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8100N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8500N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "CR2500P",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8400N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8200N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR1200H",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR7870S",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR6670S",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR7850S",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR6650S",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR6600H",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR7800H",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WM3400RN",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WM3450RN",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WM3500R",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WM3600R",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WM3800R",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WR8166N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "MR01LN",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "MR02LN",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1810HP(JE)",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "WG1810HP(MF)",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Katsuhiko Sato and Ryo Kashiro of 00One, Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
            }
          ],
          "value": "Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T03:54:22.800Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2024-28010",
    "datePublished": "2024-03-28T00:54:15.116Z",
    "dateReserved": "2024-02-29T08:40:13.581Z",
    "dateUpdated": "2025-01-14T03:54:22.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27774 (GCVE-0-2024-27774)

Vulnerability from cvelistv5 – Published: 2024-03-18 13:34 – Updated: 2024-08-02 00:41
VLAI
Title
Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password
Summary
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Unitronics Unistream Unilogic Affected: All versions , < 1.35.227 (custom)
Create a notification for this product.
unitronics unistream_unilogic Affected: 0 , < 1.35.227 (custom)
    cpe:2.3:a:unitronics:unistream_unilogic:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-18 14:00
Credits
Noam Moshe, Vera Mens of Claroty Team82
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:unitronics:unistream_unilogic:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unistream_unilogic",
            "vendor": "unitronics",
            "versions": [
              {
                "lessThan": "1.35.227",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T21:32:07.422871Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T21:32:26.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:54.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Unistream Unilogic",
          "vendor": "Unitronics ",
          "versions": [
            {
              "lessThan": "1.35.227",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Noam Moshe, Vera Mens of Claroty Team82"
        }
      ],
      "datePublic": "2024-03-18T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device\u0027s Firmware\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nUnitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -\n\nCWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device\u0027s Firmware\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T13:34:31.538Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
        },
        {
          "url": "https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 1.35.227 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nUpgrade to version 1.35.227 or later.\n\n"
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0154",
        "discovery": "UNKNOWN"
      },
      "title": "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227  CWE-259: Use of Hard-coded Password",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-27774",
    "datePublished": "2024-03-18T13:34:31.538Z",
    "dateReserved": "2024-02-26T09:27:55.323Z",
    "dateUpdated": "2024-08-02T00:41:54.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27164 (GCVE-0-2024-27164)

Vulnerability from cvelistv5 – Published: 2024-06-14 03:42 – Updated: 2025-02-13 17:46
VLAI
Title
Hardcoded credentials
Summary
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Toshiba Tec Corporation Toshiba Tec e-Studio multi-function peripheral (MFP) Affected: see the reference URL
Create a notification for this product.
toshibatec e-studio-2521_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2020_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2520_nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2021_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3025_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6525_acg Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3028-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4528-ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6528-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6526-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7527-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-6529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-7529-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-9029-a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-330-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-400-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2010-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2110-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2510-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2610-ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3015-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3115-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3515-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3615-nc Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4515_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-4615_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5015_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-5115_ac Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2518_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-2618_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3018_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_a Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*
Create a notification for this product.
toshibatec e-studio-3118_ag Affected: 0 , ≤ * (custom)
    cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-14 02:00
Credits
We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2521_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2020_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2520_nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2021_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3025_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6525_acg",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3028-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4528-ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6528-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6526-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7527-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-6529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-7529-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-9029-a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-330-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-400-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2010-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2110-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2510-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2610-ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3015-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3115-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3515-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3615-nc",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4515_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-4615_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5015_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-5115_ac",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2518_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-2618_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3018_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_a",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "e-studio-3118_ag",
            "vendor": "toshibatec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27164",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:46:16.555920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:27:46.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:59.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240531_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the reference URL"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
        }
      ],
      "datePublic": "2024-06-14T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL."
            }
          ],
          "value": "Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We are not aware of any malicious exploitation by these vulnerabilities.\u003cbr\u003e"
            }
          ],
          "value": "We are not aware of any malicious exploitation by these vulnerabilities."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259 Use of Hard-coded Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-04T05:07:17.972Z",
        "orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
        "shortName": "Toshiba"
      },
      "references": [
        {
          "url": "https://www.toshibatec.com/information/20240531_01.html"
        },
        {
          "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-14T02:00:00.000Z",
          "value": "Fixes will be released"
        }
      ],
      "title": "Hardcoded credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.\u003cbr\u003e"
            }
          ],
          "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
    "assignerShortName": "Toshiba",
    "cveId": "CVE-2024-27164",
    "datePublished": "2024-06-14T03:42:00.905Z",
    "dateReserved": "2024-02-21T02:11:59.652Z",
    "dateUpdated": "2025-02-13T17:46:08.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26196 (GCVE-0-2024-26196)

Vulnerability from cvelistv5 – Published: 2024-02-29 20:27 – Updated: 2025-05-03 01:37
VLAI
Title
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 122.0.2365.63 (custom)
Create a notification for this product.
Date Public
2024-02-29 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-01T17:55:42.878960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:43.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge for Android",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "122.0.2365.63",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                  "versionEndExcluding": "122.0.2365.63",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-02-29T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259: Use of Hard-coded Password",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-03T01:37:21.642Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196"
        }
      ],
      "title": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-26196",
    "datePublished": "2024-02-29T20:27:10.655Z",
    "dateReserved": "2024-02-14T22:23:54.100Z",
    "dateUpdated": "2025-05-03T01:37:21.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21990 (GCVE-0-2024-21990)

Vulnerability from cvelistv5 – Published: 2024-04-17 19:35 – Updated: 2024-08-01 22:35
VLAI
Title
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility
Summary
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
NetApp ONTAP Select Deploy administration utility Affected: 9.12.1 , ≤ 9.14.1P2 (patch)
Create a notification for this product.
netapp clustered_data_ontap Affected: 9.12.1
    cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*
Create a notification for this product.
netapp clustered_data_ontap Affected: 9.13.1
    cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*
Create a notification for this product.
netapp clustered_data_ontap Affected: 9.14.0
    cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "clustered_data_ontap",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "9.12.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "clustered_data_ontap",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "9.13.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "clustered_data_ontap",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "9.14.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:34:29.517252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:30.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ONTAP Select Deploy administration utility",
          "vendor": "NetApp",
          "versions": [
            {
              "lessThanOrEqual": "9.14.1P2",
              "status": "affected",
              "version": "9.12.1",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "CWE-259",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-17T19:35:23.599Z",
        "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "shortName": "netapp"
      },
      "references": [
        {
          "url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
        }
      ],
      "source": {
        "advisory": "NTAP-20240411-0002",
        "discovery": "UNKNOWN"
      },
      "title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
    "assignerShortName": "netapp",
    "cveId": "CVE-2024-21990",
    "datePublished": "2024-04-17T19:35:23.599Z",
    "dateReserved": "2024-01-03T19:45:25.346Z",
    "dateUpdated": "2024-08-01T22:35:34.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20412 (GCVE-0-2024-20412)

Vulnerability from cvelistv5 – Published: 2024-10-23 17:39 – Updated: 2024-10-26 03:55
VLAI
Summary
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-259 - Use of Hard-coded Password
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Firepower Threat Defense Software Affected: 7.1.0
Affected: 7.1.0.1
Affected: 7.1.0.2
Affected: 7.1.0.3
Affected: 7.2.0
Affected: 7.2.0.1
Affected: 7.2.1
Affected: 7.2.2
Affected: 7.2.3
Affected: 7.2.4
Affected: 7.2.4.1
Affected: 7.2.5
Affected: 7.2.5.1
Affected: 7.2.6
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.3.0
Affected: 7.3.1
Affected: 7.3.1.1
Affected: 7.3.1.2
Affected: 7.4.0
Affected: 7.4.1
Affected: 7.4.1.1
Create a notification for this product.
cisco firepower_threat_defense_software Affected: 7.1.0 , ≤ 7.1.0.3 (custom)
Affected: 7.2.0 , ≤ 7.2.7 (custom)
Affected: 7.3.0 , ≤ 7.3.1.2 (custom)
Affected: 7.4.0 , ≤ 7.4.1.1 (custom)
    cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "firepower_threat_defense_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "7.1.0.3",
                "status": "affected",
                "version": "7.1.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.2.7",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.3.1.2",
                "status": "affected",
                "version": "7.3.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.4.1.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-26T03:55:24.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Firepower Threat Defense Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-259",
              "description": "Use of Hard-coded Password",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T17:39:04.071Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ftd-statcred-dFC8tXT5",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ftd-statcred-dFC8tXT5",
        "defects": [
          "CSCwk07982"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20412",
    "datePublished": "2024-10-23T17:39:04.071Z",
    "dateReserved": "2023-11-08T15:08:07.663Z",
    "dateUpdated": "2024-10-26T03:55:24.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible.

Mitigation
Architecture and Design

For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password.

Mitigation
Architecture and Design

Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection.

Mitigation
Architecture and Design
  • For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.
  • Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Architecture and Design

For front-end to back-end connections: Three solutions are possible, although none are complete.

No CAPEC attack patterns related to this CWE.