CVE-2015-3968

Name of the Vulnerable Software and Affected Versions Janitza UMG devices versions 508, 509, 511, 604, 605

Description The issue is related to the FTP service on the devices, which has a default password. This makes it easier for remote attackers to read or write to files via a session on TCP port 21. The vulnerability can be exploited by creating a TCP session on port 21, allowing remote attackers to access files.

Recommendations For Janitza UMG devices versions 508, 509, 511, 604, 605, consider changing the default password for the FTP service to prevent unauthorized access. As a temporary workaround, restrict access to the FTP service on TCP port 21 to minimize the risk of exploitation.