PT-2018-11123 · Momentum · Momentum Axel 720P

Published

2018-06-13

Updated

2018-08-14

CVE-2018-12323

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Momentum Axel 720P version 5.1.8

Description An issue was discovered where a password is hard-coded for the root and admin accounts, making it easier for physically proximate attackers to login at the console. The hard-coded password is EHLGVG.

Recommendations For Momentum Axel 720P version 5.1.8, consider changing the hard-coded password EHLGVG for the root and admin accounts to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict physical access to the console to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-12323

Affected Products

Momentum Axel 720P

PT-2018-11123 · Momentum · Momentum Axel 720P

CVE-2018-12323

Weakness Enumeration

Related Identifiers

Affected Products

References · 3