1. Home
  2. CVE Database
  3. CVE-2019-9484
HIGH · 7.5

CVE-2019-9484

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem...

Vulnerability Description

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CarelPcoweb Card Firmware-
CarelPcoweb Card-

Related Weaknesses (CWE)

CWE-306

References

FAQ

What is CVE-2019-9484?

CVE-2019-9484 is a vulnerability with a CVSS score of 7.5 (HIGH). The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem...

How severe is CVE-2019-9484?

CVE-2019-9484 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9484?

Check the references section above for vendor advisories and patch information. Affected products include: Carel Pcoweb Card Firmware, Carel Pcoweb Card.