cbcvebase.

Digital Alert Systems Dasdec Eas vulnerabilities

5 known vulnerabilities affecting digital_alert_systems/dasdec_eas.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2

Vulnerabilities

Page 1 of 1
CVE-2013-4735P2CRITICALCVSS 10.0≤ 2.0-1v2.0-02013-06-30
CVE-2013-4735 [CRITICAL] CWE-264 CVE-2013-4735: The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.
nvd
CVE-2013-0137P2CRITICALCVSS 10.0≤ 2.0-1v2.0-02013-06-30
CVE-2013-0137 [CRITICAL] CWE-310 CVE-2013-0137: The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session.
nvd
CVE-2013-4732P3CRITICALCVSS 10.0≤ 2.0-2v2.0-0+1 more2013-06-30
CVE-2013-4732 [CRITICAL] CWE-255 CVE-2013-4732: The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the M The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this find
nvd
CVE-2013-4734P3HIGHCVSS 7.3≤ 2.0-1v2.0-02013-06-30
CVE-2013-4734 [HIGH] CWE-330 CVE-2013-4734: dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.
nvd
CVE-2013-4733P3HIGHCVSS 7.5≤ 2.0-1v2.0-02013-06-30
CVE-2013-4733 [HIGH] CWE-264 CVE-2013-4733: The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronic The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
nvd
Digital Alert Systems Dasdec Eas vulnerabilities | cvebase