Kyri Lea

**Name of the Vulnerable Software and Affected Versions** Precor touchscreen console P62, P80, and P82 **Description** The issue allows a remote attacker within the local network to bypass security restrictions and access the service menu due to a hard-coded service code. **Recommendations** For Precor touchscreen console P62, P80, and P82, consider restricting access to the service menu until a patch is available. As a temporary workaround, avoid using the hard-coded service code in the affected consoles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Precor touchscreen console P82 **Description** The issue concerns a private SSH key in the Precor touchscreen console P82 that corresponds to a default public key. This could allow a remote attacker to gain root privileges. **Recommendations** For Precor touchscreen console P82, consider disabling SSH access until a patch or fix is available to prevent exploitation. Restrict access to the console to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Precor touchscreen console versions P62, P80, and P82 **Description** The issue allows a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive information. **Recommendations** For Precor touchscreen console versions P62, P80, and P82, consider restricting access to the /etc/passwd file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Precor touchscreen console versions P62, P80, and P82 **Description** The issue concerns a default SSH public key in the authorized keys file, which could be exploited by a remote attacker to gain root privileges. **Recommendations** For Precor touchscreen console versions P62, P80, and P82, remove the default SSH public key from the authorized keys file to prevent unauthorized access.