OSVDB ID: 83747

Title: Safety Vision RouteRecorder 4C set Command Cleartext Service Passwords Local Disclosure

Info

Disclosure

May 03, 2011

Discovery

Unknown

Dates

Exploit

May 03, 2011

Solution

Unknown

Description

Safety Vision RouteRecorder 4C contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker submits a blank SET command to the device, which will disclose service passwords in cleartext to a remote attacker.

Classification

Location: Local Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Safety Vision, LLC.

RouteRecorder 4C

Unspecified

References

Related OSVDB ID: 83746 83748
Vendor URL: http://utility.com/company
http://www.safetyvision.com/
Other Advisory URL: http://www.digitalmunition.com/OwningCopCar.pdf
Generic Informational URL: http://www.safetyvision.com/attachments/contentmanagers/2168/RouteRecorder4C.pdf
News Article: http://www.theregister.co.uk/2011/05/03/cop_car_hacking/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/83747