- Description
- Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-311
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kingjim:mirupass_pw10_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9FB74D3-B6AA-415E-9864-AEC01357401F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kingjim:mirupass_pw10:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A965B937-4E1D-40F6-947E-816BA0B48EE8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:kingjim:mirupass_pw20_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22A8DD2F-2606-4AD5-BE79-088B3A50D30A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:kingjim:mirupass_pw20:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "00914630-3A9A-472D-8FA0-80FB046F7384"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]