CVE-2017-7649

Name of the Vulnerable Software and Affected Versions Kura versions prior to 2.1.0

Description The issue allows for unauthorized access to the device due to the Equinox console port 5002 being left open. This enables logging into Kura without user credentials over unencrypted telnet and executing commands using the Equinox exec command. As the process runs as root, full control over the device can be acquired. Additionally, IPv6 is left in auto-configuration mode, accepting router advertisements and assigning a MAC address-based IPv6 address.

Recommendations For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the Equinox console port 5002 to prevent unauthorized access until a patch is available. Restrict access to the Equinox exec command to minimize the risk of exploitation. Avoid using unencrypted telnet for remote access until the issue is resolved.