CVE-2019-13352
CRITICAL
WolfVision Cynap < 1.30j - Use of Hard-coded Credentials in Forgot Password Feature
Title source: llm
Description
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153530/WolfVision-Cynap-1.18g-1.28j-Hardcoded-Credential.html
Exploit, Third Party Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt
Exploit, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jul/9
Scores
CVSS v3
9.8
EPSS
0.0288
EPSS Percentile
85.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
wolfvision/cynap
< 1.30j
Published
Jul 05, 2019
Tracked Since
Feb 18, 2026