CVE-2013-4735 - OpenCVE

The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Digital Alert Systems	Dasdec Eas
Monroe Electronics	R189 One-net Eas

Configuration 1 [-]

OR	cpe:2.3:h:digital_alert_systems:dasdec_eas::::::::
	cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:::::::*
	cpe:2.3:h:monroe_electronics:r189_one-net_eas::::::::
	cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:::::::*

References

Link	Resource
http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf	Vendor Advisory
http://www.kb.cert.org/vuls/id/662676	US Government Resource
http://www.kb.cert.org/vuls/id/AAMN-98MU7H	US Government Resource
http://www.kb.cert.org/vuls/id/AAMN-98MUK2	US Government Resource
http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:58

Updated: 2022-10-03T16:14:58

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-4735

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-06-30T19:28:11.277

Modified: 2013-07-01T18:48:05.197

Link: CVE-2013-4735

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"}, {"name": "VU#662676", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/662676"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4735", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"}, {"name": "VU#662676", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/662676"}, {"name": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"}, {"name": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf", "refsource": "CONFIRM", "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"}, {"name": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf", "refsource": "CONFIRM", "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4735", "datePublished": "2022-10-03T16:14:58", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A5A9D54-20F6-4791-A830-3E6635A18933", "versionEndIncluding": "2.0-1", "vulnerable": true}, {"criteria": "cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:*", "matchCriteriaId": "308B32AD-1091-4528-964B-7394D54B1D4E", "vulnerable": true}, {"criteria": "cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AC044FA-0BC2-43D4-BF32-9B6FD67B8E77", "versionEndIncluding": "2.0-1", "vulnerable": true}, {"criteria": "cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:*", "matchCriteriaId": "90C5BDD8-C91B-44EB-870E-FABEFCFA5F7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network."}, {"lang": "es", "value": "El dispositivo Digital Alert Systems DASDEC EAS anterior a v2.0-2 y el dispositivo Monroe Electronics R189 One-Net EAS anterior a v2.0-2 tener una contrase\u00f1a por defecto para una cuenta administrativa, lo que hace que sea m\u00e1s f\u00e1cil para un atacante remoto para obtener acceso a trav\u00e9s de una red IP."}], "id": "CVE-2013-4735", "lastModified": "2013-07-01T18:48:05.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-30T19:28:11.277", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/662676"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}