Vulnerability Description
The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trms | Seneca Hdn Firmware | <= 7.0.4.104 |
| Trms | Seneca Hdn | - |
Related Weaknesses (CWE)
References
- https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/ExploitThird Party Advisory
- https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/ExploitThird Party Advisory
FAQ
What is CVE-2018-18929?
CVE-2018-18929 is a vulnerability with a CVSS score of 8.8 (HIGH). The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unatte...
How severe is CVE-2018-18929?
CVE-2018-18929 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18929?
Check the references section above for vendor advisories and patch information. Affected products include: Trms Seneca Hdn Firmware, Trms Seneca Hdn.