E3 Site Supervisor Default Admin Password Vulnerability in Firmware Versions Prior to 2.31F01

Vulnerability

A vulnerability exists in E3 Site Supervisor firmware versions prior to 2.31F01, where a default admin user named 'ONEDAY' is assigned a password that is generated daily. This predictable password generation allows an attacker to easily anticipate the password for the 'ONEDAY' user. Additionally, the 'ONEDAY' user cannot be deleted or modified by any user.

Impact

Exploitation of this vulnerability allows for unauthorized access to the admin account 'ONEDAY', potentially leading to elevated privileges and unauthorized actions within the application.

Added: Sep 2, 2025, 12:31 PM

Updated: Sep 2, 2025, 4:03 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.4

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.4

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

E3 Site Supervisor Default Admin Password Vulnerability in Firmware Versions Prior to 2.31F01

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating