HIGH🇬🇧 English

CVE-2015-3972

CVSS 10.0v2.0pub. 2015-10-28upd. 2026-05-06

The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Janitza Umg 508

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 509

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 511

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 604

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 605

    HW
    Janitza
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2015-3968HIGH7.5ten sam produkt

The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easi...

CVE-2015-3971HIGH7.5ten sam produkt

The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which ...

CVE-2015-3967MEDIUM6.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remo...

CVE-2015-3969MEDIUM5.0ten sam produkt

Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection ...

CVE-2015-3970MEDIUM4.3ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, an...