Exposure of Hard-Coded Credentials in SolarView Compact by Contec
CVE-2023-27512

7.2HIGH

Key Information:

Vendor: Contec Co., Ltd.
Status: Solarview Compact
Vendor: CVE Published:; 23 May 2023

🔔 Create Contec Co., Ltd. Vulnerability Alert

What is CVE-2023-27512?

The SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F models prior to version 8.10 are susceptible to a significant security issue stemming from hard-coded credentials. This vulnerability permits an authenticated remote attacker to gain administrative access to the device, thereby enabling them to perform unauthorized tasks, potentially compromising the system's integrity. Users are advised to upgrade to the latest firmware version to mitigate risks.

Affected Version(s)

SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10

References

https://www.contec.com/jp/download/donwload-list/?itemid=...

https://www.contec.com/jp/api/downloadlogger?download=/-/...

https://jvn.jp/en/vu/JVNVU92106300/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Mar 15, 2023