Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) (ICSA-20-051-04)

CISA has published an advisory on cleartext transmission of sensitive information, origin validation error, use of hard-coded credentials, weak password recovery mechanism for forgotten password, and weak password requirements vulnerabilities in Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App). Versions 3.7 and prior of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access. Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.