{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T16:57:16.731","vulnerabilities":[{"cve":{"id":"CVE-2018-5399","sourceIdentifier":"cret@cert.org","published":"2018-10-08T15:29:02.633","lastModified":"2024-11-21T04:08:44.443","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."},{"lang":"es","value":"El firmware de Auto-Maskin DCU 210E contiene un servidor Dropbear SSH no documentado, v2015.55, configurado para escuchar en el puerto 22 mientras se está ejecutando DCU. El servidor DCU está configurado con una combinación embebida de nombre de usuario y contraseña de root/amroot. El servidor está configurado para emplear solo contraseñas en lugar de claves criptográficas; sin embargo, la imagen del firmware contiene una clave de host RSA para el servidor. Un atacante puede explotar esta vulnerabilidad para obtener acceso root al sistema operativo Angstrom Linux y modificar cualquier binario o archivo de configuración en el firmware. Las versiones afectadas son Auto-Maskin DCU-210E RP-210E: versiones anteriores a la 3.7 en ARMv7."}],"metrics":{"cvssMetricV30":[{"source":"cret@cert.org","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:auto-maskin:dcu-210e_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.7","matchCriteriaId":"AABA2941-1749-4916-9BF3-D600192C2871"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:auto-maskin:dcu-210e:-:*:*:*:*:*:*:*","matchCriteriaId":"B7569773-60A5-4E8A-B85D-33AF31052852"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:auto-maskin:rp-210e_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.7","matchCriteriaId":"ACBB628A-FCA7-4E7B-AA13-32C2CFA4F5A9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:auto-maskin:rp-210e:-:*:*:*:*:*:*:*","matchCriteriaId":"B90DF062-A9CB-48BD-ACC7-067271EB160B"}]}]}],"references":[{"url":"https://www.kb.cert.org/vuls/id/176301","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-051-04","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/176301","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-051-04","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}