CVE-2018-7800

CWE-798 — Hard-coded Credentials CWE-77 — Command Injection CWE-20 — Improper Input Validation CWE-3998 documents5 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 27.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Evlink Parking Firmware Schneider Electric SE Evlink Parking V3.2.0-12 V1 AND Earlier

Timeline

PublishedDec 24

Latest updateMay 14

Description

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5schneider_electric_se/evlink_parking_v3.2.0-12_v1_and_earlierEVLink Parking v3.2.0-12_v1 and earlier

▶NVDschneider-electric/evlink_parking_firmware3.2.0-12

Patches

Patch: www.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-m872-h33f-6rrm: A Hard-coded Credentials vulnerability exists in EVLink Parking, v3↗2022-05-14

▶

CVEList

CVE-2018-7800: A Hard-coded Credentials vulnerability exists in EVLink Parking, v3↗2018-12-24

▶

💥Exploits & PoCs

Exploit-DB

XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)↗2019-12-30

▶

Exploit-DB

XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)↗2019-12-30

▶

📋Vendor Advisories

Cisco

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Web UI Command Injection Vulnerability↗2018-07-11

▶

Cisco

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability↗2018-06-06

▶

Cisco

Cisco IP Phone 7800 Series and 8800 Series and Cisco Wireless IP Phone 8821 Denial of Service Vulnerability↗2018-05-16

▶