CyberSec.Space Logo
Back to CVE Browser

CVE-2004-2048

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile5.61th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.

Affected Platforms (CPE)

πŸ”Œ
Esesix

Thintune Extreme

= 2.4.38
πŸ”Œ
Esesix

Thintune L

= 2.4.38
πŸ”Œ
Esesix

Thintune M

= 2.4.38
πŸ”Œ
Esesix

Thintune Mobile

= 2.4.38
πŸ”Œ
Esesix

Thintune S

= 2.4.38
πŸ”Œ
Esesix

Thintune Xm

= 2.4.38
πŸ”Œ
Esesix

Thintune Xs

= 2.4.38

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=109068491801021&w=2
πŸ”— http://secunia.com/advisories/12154
πŸ”— http://securitytracker.com/id?1010770
πŸ”— http://www.osvdb.org/8246
πŸ”— http://www.securityfocus.com/bid/10794
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16790
πŸ”— http://marc.info/?l=bugtraq&m=109068491801021&w=2
πŸ”— http://secunia.com/advisories/12154

Related Vulnerabilities

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-106710.0

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may al...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-000210.0

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaust...