PT-2018-17535 · Meross · Meross Mss110

Publicado

2018-05-02

Atualizado

2018-06-13

CVE-2018-6401

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Meross MSS110 devices versions prior to 1.1.24

Description The issue concerns an undocumented admin account with a blank password, accessible through a TELNET listener.

Recommendations For Meross MSS110 devices versions prior to 1.1.24, update to version 1.1.24 or later to resolve the issue.

Exploit

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2018-6401

Meross Mss110