cbcvebase.
CVE-2012-3951
published 2012-07-31

CVE-2012-3951: The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and…

PriorityP270high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
52.93%
98.8th percentile
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

Affected

1 ranges
VendorProductVersion rangeFixed in
sonicwallscrutinizer<= 9.0.1.19899

Detection & IOCsextracted from sources · hover to see the quote

port3306
commandscrutinizer:admin
commandscrutremote:admin
commandSELECT 0x#{p} into DUMPFILE '#{dest}'
path../../html/
  • MySQL service bound to 0.0.0.0 on port 3306 — detect remote MySQL login attempts using default credentials 'scrutinizer' or 'scrutremote' with password 'admin' from external/untrusted hosts.
  • Detect MySQL DUMPFILE queries writing files into the web root (../../html/) — indicative of the exploit's payload-drop stage.
  • ·The vulnerability is a hardcoded default credential issue — the accounts 'scrutinizer' and 'scrutremote' both have the password 'admin' by default and cannot be detected by vulnerability scanners alone without credential validation.
  • ·MySQL is bound to all interfaces (0.0.0.0) by default in affected Scrutinizer installations, making the service reachable from any network without additional exploitation of firewall rules.
  • ·Exploitation results in code execution under the SYSTEM context, meaning successful exploitation grants full host compromise — not just database access.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.