CVE-2024-43423
EUVD-2024-4027625.09.2024, 01:15
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | 𝑥 ≤ 3.4.2.2.6 |
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | 𝑥 ≤ 4.17.9e |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| doverfuelingsolutions | maglink_lx_console | 𝑥 ≤ 3.4.2.2.6 | ADP |
| doverfuelingsolutions | maglink_lx4_console | 𝑥 ≤ 4.17.9e | ADP |
Common Weakness Enumeration
- CWE-259 - Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.