PT-2014-1988 · Konke · Konke Smart Plug K

Gamehacker

Published

2014-10-17

Updated

2017-03-28

CVE-2014-7279

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Konke Smart Plug K (affected versions not specified)

Description The issue concerns the lack of authentication for TELNET sessions, allowing remote attackers to gain equipment management authority via TCP traffic to port 23. This can enable a remote attacker to manage the device with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-306

Related Identifiers

BDU:2017-02499

CVE-2014-7279

Affected Products

Konke Smart Plug K

PT-2014-1988 · Konke · Konke Smart Plug K

CVE-2014-7279

Weakness Enumeration

Related Identifiers

Affected Products

References · 4