Dwoodard1

**Name of the Vulnerable Software and Affected Versions** Kura versions prior to 2.1.0 **Description** The issue allows for unauthorized access to the device due to the Equinox console port 5002 being left open. This enables logging into Kura without user credentials over unencrypted telnet and executing commands using the Equinox `exec` command. As the process runs as `root`, full control over the device can be acquired. Additionally, IPv6 is left in auto-configuration mode, accepting router advertisements and assigning a MAC address-based IPv6 address. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the Equinox console port 5002 to prevent unauthorized access until a patch is available. Restrict access to the Equinox `exec` command to minimize the risk of exploitation. Avoid using unencrypted telnet for remote access until the issue is resolved.