MidnightBSD

Advisories for monroe_electronics

CVE-2013-0137 HIGH

The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
monroe_electronics r189_one-net_eas *
monroe_electronics r189_one-net_eas 2.0-0
digital_alert_systems dasdec_eas *
digital_alert_systems dasdec_eas 2.0-0
CVE-2013-4732 HIGH

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
monroe_electronics r189_one-net_eas *
monroe_electronics r189_one-net_eas 2.0-1
monroe_electronics r189_one-net_eas 2.0-0
digital_alert_systems dasdec_eas *
digital_alert_systems dasdec_eas 2.0-0
digital_alert_systems dasdec_eas 2.0-1
CVE-2013-4733 HIGH

The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
monroe_electronics r189_one-net_eas *
monroe_electronics r189_one-net_eas 2.0-0
digital_alert_systems dasdec_eas *
digital_alert_systems dasdec_eas 2.0-0
CVE-2013-4734 HIGH

dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
monroe_electronics r189_one-net_eas *
monroe_electronics r189_one-net_eas 2.0-0
digital_alert_systems dasdec_eas *
digital_alert_systems dasdec_eas 2.0-0
CVE-2013-4735 HIGH

The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
monroe_electronics r189_one-net_eas *
monroe_electronics r189_one-net_eas 2.0-0
digital_alert_systems dasdec_eas *
digital_alert_systems dasdec_eas 2.0-0