Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2016-1984

Published: 22/01/2016 Updated: 06/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Harman

Vulnerability Summary

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.

Vulnerable Product Search on Vulmon Subscribe to Product

harman amx firmware 1.3.100

harman amx firmware 1.2.322

References

CWE-255http://seclists.org/fulldisclosure/2016/Jan/63http://www.amx.com/techcenter/NXSecurityBrief/http://www.amx.com/techcenter/firmware.asp?Category=Hot%20Fix%20Fileshttps://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txthttp://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.htmlhttps://www.kb.cert.org/vuls/id/992624https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook