PT-2018-11085 · Momentum · Momentum Axel 720P

Published

2018-06-12

Updated

2019-10-03

CVE-2018-12260

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Momentum Axel 720P version 5.1.8

Description An issue allows the root password to be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices.

Recommendations For version 5.1.8, consider changing the root password to a unique value for each device to minimize the risk of exploitation. As a temporary workaround, restrict access to the root CLI to prevent unauthorized users from issuing the 'showKey' command.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-12260

Affected Products

Momentum Axel 720P

PT-2018-11085 · Momentum · Momentum Axel 720P

CVE-2018-12260

Weakness Enumeration

Related Identifiers

Affected Products

References · 3