CVE-2019-6560

CRITICAL

Auto-maskin Rp210e Firmware < 3.7 - Password Reset Weakness

Title source: rule

Description

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (1)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-051-04

Scores

CVSS v3 9.1

EPSS 0.0020

EPSS Percentile 41.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-640

Status published

Products (3)

auto-maskin/dcu_210_firmware < 3.7

auto-maskin/marine_pro_observer

auto-maskin/rp210e_firmware < 3.7

Published Mar 23, 2020

Tracked Since Feb 18, 2026