The default password for the web application’s root user (the vendor’s private account) was weak, and the password was cracked from its MD5 hash using a widely available open-source tool.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sepcos_control_and_protection_relay_firmware | Secheron | 1.23.0 (including) | 1.23.21 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.24.0 (including) | 1.24.8 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.25.0 (including) | 1.25.3 (excluding) |