CVE-2018-18473

Name of the Vulnerable Software and Affected Versions PATLITE NH-FB Series devices version 1.45 or earlier PATLITE NH-FV Series devices version 1.10 or earlier PATLITE NBM Series devices version 1.09 or earlier

Description A hidden backdoor in the affected devices allows attackers to enable an SSH daemon using the kankichi or kamiyo4 password via the " secret1.htm" URI. This enables remote code execution, allowing an attacker to take over the system using the default root password for the root account.

Recommendations For PATLITE NH-FB Series devices version 1.45 or earlier, update the firmware to a version later than 1.45. For PATLITE NH-FV Series devices version 1.10 or earlier, update the firmware to a version later than 1.10. For PATLITE NBM Series devices version 1.09 or earlier, update the firmware to a version later than 1.09.