Oring · Oring Net Iap-420 · CVE-2022-3203
**Name of the Vulnerable Software and Affected Versions**
ORing net IAP-420(+) version 2.0m
**Description**
The issue allows unauthorized access to the device via telnet, using hardcoded credentials, which provides an administrative shell. These credentials reset to defaults with every reboot, allowing repeated unauthorized access.
**Recommendations**
For version 2.0m, as a temporary workaround, consider restricting access to the telnet server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.