CVE-2018-5402

Summary

CVE	CVE-2018-5402
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-10-08 15:29:00 UTC
Updated	2019-10-09 23:41:00 UTC
Description	The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Risk And Classification

Problem Types: CWE-310

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Arm	Arm7	All	All	All	All
Hardware	Arm	Arm7	All	All	All	All
Hardware	Auto-maskin	Dcu 210e	-	All	All	All
Hardware	Auto-maskin	Dcu 210e	-	All	All	All
Operating System	Auto-maskin	Dcu 210e Firmware	-	All	All	All
Operating System	Auto-maskin	Dcu 210e Firmware	-	All	All	All
Application	Auto-maskin	Marine Pro Observer	-	All	All	All
Application	Auto-maskin	Marine Pro Observer	-	All	All	All
Hardware	Auto-maskin	Rp 210e	-	All	All	All
Hardware	Auto-maskin	Rp 210e	-	All	All	All
Operating System	Auto-maskin	Rp 210e Firmware	-	All	All	All
Operating System	Auto-maskin	Rp 210e Firmware	-	All	All	All

References

Reference	Source	Link	Tags
CERT Vulnerability Notes Database	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) \| CISA	MISC	www.us-cert.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway

There are currently no legacy QID mappings associated with this CVE.