PT-2018-9949 · EE · EE 4GEE HH70VB-2BE8GB3

James Hemmings · Published 2018-10-30 · Updated 2019-01-30 · CVE-2018-10532

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: EE 4GEE HH70VB-2BE8GB3 HH70 E1 02.00 19

Description: Hardcoded root SSH credentials are stored within the core app binary, which the EE router uses for networking services. The default password is oelinux123. An attacker who knows this password could log in to the router via SSH as the root user, potentially leading to loss of confidentiality, integrity, and availability of the system. Root access could also allow the attacker to bypass "AP Isolation" mode and modify the settings of multiple wireless networks.

Recommendations: For EE 4GEE HH70VB-2BE8GB3 HH70 E1 02.00 19, consider changing the default SSH credentials to prevent unauthorized access. As a temporary workaround, restrict SSH access to the router until a patch is available.

Exploit · Fix · Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2018-10532

Affected Products

EE 4GEE HH70VB-2BE8GB3