CVE-2019-7667

Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup due to a predictable name, resulting in authentication bypass (a login authenticated with the MD5 hash of any user found in the database).

Source: CVE-2019-7667