PT-2018-11233 · Telesquare · Sdt-Cw3B1+1

Publicado

2018-06-21

Atualizado

2018-08-14

CVE-2018-12526

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Telesquare SDT-CS3B1 and SDT-CW3B1 devices versions prior to 1.2.0 Telesquare SDT-CS3B1 and SDT-CW3B1 devices version 1.2.0

Description The issue concerns a default factory account in the devices. Remote attackers can obtain access to the device via TELNET using a hardcoded account.

Recommendations For Telesquare SDT-CS3B1 and SDT-CW3B1 devices versions prior to 1.2.0, update to a version later than 1.2.0 to remove the default factory account. For Telesquare SDT-CS3B1 and SDT-CW3B1 devices version 1.2.0, update to a version later than 1.2.0 to remove the default factory account. As a temporary workaround, consider disabling TELNET access to the device until a patch is available.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-12526

Produtos afetados

Sdt-Cs3B1

Sdt-Cw3B1

PT-2018-11233 · Telesquare · Sdt-Cw3B1+1

CVE-2018-12526

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4