CVE-2012-6663
HIGHGeneral Electric D20ME and D200 Firmware - Insufficiently Protected Credentials
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6663.
Includes Metasploit module auxiliary/gather/d20pass.
AI-analyzed exploit summary This Metasploit module exploits a TFTP configuration file disclosure vulnerability in GE D20M* RTUs to retrieve plaintext usernames and passwords. It parses the binary configuration file to extract credentials and reports them for further use.
Description
General Electric D20ME devices are not properly configured and reveal plaintext passwords.
Exploits (1)
metasploit
WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/d20pass.rb
This Metasploit module exploits a TFTP configuration file disclosure vulnerability in GE D20M* RTUs to retrieve plaintext usernames and passwords. It parses the binary configuration file to extract credentials and reports them for further use.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
General Electric D20M* RTU (possibly D200)
No auth needed
Prerequisites:
Network access to the TFTP service on the target device · TFTP service enabled on the target
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
http://www.rapid7.com/db/modules/auxiliary/gather/d20pass
Scores
CVSS v3
7.5
EPSS
0.0949
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
ge/d200_firmware
ge/d20me_firmware
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026