CVE-2013-4734
7.3 HIGHdasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2...
Published: 2013-06-30 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.3 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-330
Affected products
| Vendor | Product |
|---|---|
| digital_alert_systems | dasdec_eas, r189_one-net_eas |
| monroe_electronics | dasdec_eas, r189_one-net_eas |
Description
dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2013-4734
- [Vendor advisory]http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf
- [Other]http://www.kb.cert.org/vuls/id/662676
- [Other]http://www.kb.cert.org/vuls/id/AAMN-98MU7H
- [Other]http://www.kb.cert.org/vuls/id/AAMN-98MUK2
- [Vendor advisory]http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf
- [Vendor advisory]http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf
- [Other]http://www.kb.cert.org/vuls/id/662676
- [Other]http://www.kb.cert.org/vuls/id/AAMN-98MU7H
- [Other]http://www.kb.cert.org/vuls/id/AAMN-98MUK2
- [Vendor advisory]http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf
Related CVEs
Same vendor
- CVE-2013-4733 — The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-... (7.5 HIGH)
Same CWE
- CVE-2026-50009 — Netty is a network application framework for development of protocol servers and clients (4.8 MEDIUM)
- CVE-2026-45673 — Netty is a network application framework for development of protocol servers and clients (6.8 MEDIUM)
- CVE-2026-41701 — Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter (4.4 MEDIUM)
- CVE-2026-41838 — IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in co... (4.8 MEDIUM)
- CVE-2026-41207 — The netty incubator codec.bhttp is a java language binary http parser (5.3 MEDIUM)