PT-2018-11085 · Momentum · Momentum Axel 720P

Publicado

2018-06-12

Atualizado

2019-10-03

CVE-2018-12260

CVSS v3.1

6.7

Média

Vetor

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Momentum Axel 720P version 5.1.8

Description An issue allows the root password to be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices.

Recommendations For version 5.1.8, consider changing the root password to a unique value for each device to minimize the risk of exploitation. As a temporary workaround, restrict access to the root CLI to prevent unauthorized users from issuing the 'showKey' command.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-12260

Produtos afetados

Momentum Axel 720P

PT-2018-11085 · Momentum · Momentum Axel 720P

CVE-2018-12260

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3