How severe is CVE-2017-7905?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-7905?

This is classified as CWE-261, which is a common weakness in software security.

CVE-2017-7905

CRITICAL Year: 2017

CVSS v3 Score

9.8

Critical

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-261

View all →

Vulnerability Description

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.

CVE-2020-10275

CRITICAL

CVSS:9.8(Critical)

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly w...

CWE-2612020

CVE-2021-21507

CRITICAL

CVSS:9.8(Critical)

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote...

CWE-2612021

CVE-2024-24279

HIGH

CVSS:8.8(High)

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower fu...

CWE-2612024

CVE-2024-28270

HIGH

CVSS:8.1(High)

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

CWE-2612024