PT-2009-5969 · Riorey · Riorey Rios

Published

2009-10-16

Updated

2009-10-19

CVE-2009-3710

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RioRey RIOS versions 4.6.6 and 4.7.0

Description The issue allows remote attackers to gain privileges due to the use of an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel. This can be exploited via port 8022.

Recommendations For RioRey RIOS version 4.6.6, change the hard-coded username and password to secure credentials. For RioRey RIOS version 4.7.0, change the hard-coded username and password to secure credentials.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2009-3710

Affected Products

Riorey Rios

PT-2009-5969 · Riorey · Riorey Rios

CVE-2009-3710

Weakness Enumeration

Related Identifiers

Affected Products

References · 5