PT-2017-3117 · Jantek+1 · Jantek Jtc-200+1

Karn Ganeshan

Published

2017-10-12

Updated

2017-11-03

CVE-2016-5791

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions JanTek JTC-200, all versions

Description An issue with improper authentication was found, allowing access to an undocumented BusyBox Linux shell over the TELNET service without authentication. This could enable a remote attacker to bypass authentication procedures and gain access to the shell.

Recommendations For all versions, consider disabling the TELNET service as a temporary workaround until a patch is available. Restrict access to the BusyBox Linux shell to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2017-02515

CVE-2016-5791

Affected Products

Busybox

Jantek Jtc-200

PT-2017-3117 · Jantek+1 · Jantek Jtc-200+1

CVE-2016-5791

Weakness Enumeration

Related Identifiers

Affected Products

References · 3