How severe is CVE-2024-13893?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-13893?

This is classified as CWE-1392, which is a common weakness in software security.

CVE-2024-13893 - HIGH Severity | CVSS N/A

Vulnerability Description

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created. Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well.

Related Vulnerabilities

CVE-2023-30603

CRITICAL

CVSS:9.8(Critical)

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remot...

CWE-13922023

CVE-2023-30801

CRITICAL

CVSS:9.8(Critical)

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, thi...

CWE-13922023

CVE-2023-3703

CRITICAL

CVSS:9.8(Critical)

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

CWE-13922023

CVE-2023-40704

MEDIUM

CVSS:9.8(Critical)

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An ...

CWE-13922023

CVE-2023-49621

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An...

CWE-13922023

CVE-2024-12286

CRITICAL

CVSS:9.8(Critical)

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

CWE-13922024