CVE-2021-40422
14.04.2022, 20:15
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| swiftsensors | sg3-1010_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CWE-330 - Use of Insufficiently Random ValuesThe software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.