Mrd 305 Din Firmware
CVE-2017-12709
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.
AnalysisAI
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. Affected products include: Westermo Mrd-305-Din Firmware, Westermo Mrd-315-Din Firmware, Westermo Mrd-355-Din Firmware, Westermo Mrd-455-Din Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Mrd 305 Din Firmware
View allA Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-31
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today