Hardcoded Credential Vulnerability in Quantum SuperLoader 3 Devices
CVE-2019-19145

5.8MEDIUM

Key Information:

Vendor: Quantum
Status: Superloader
Vendor: CVE Published:; 1 August 2025

What is CVE-2019-19145?

The Quantum SuperLoader 3 V94.0 005E.0h devices feature a hardcoded admin account that can be exploited by attackers due to a limited password space of 65536 combinations. This vulnerability permits unauthorized access to the system, enabling potential malicious actions that compromise the integrity of stored data. Users are advised to update their security measures to mitigate risks associated with this exposure.

Affected Version(s)

SuperLoader 3 V94.0 005E.0h

References

https://www.quantum.com/en/products/tape-storage/superloa...

https://github.com/atredispartners/advisories/blob/master...

https://www.dell.com/community/PowerVault/PowerVault-124T...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2025
Vulnerability Reserved
Nov 21, 2019