PT-2018-11233 · Telesquare · Sdt-Cw3B1+1
Published
2018-06-21
·
Updated
2018-08-14
·
CVE-2018-12526
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Telesquare SDT-CS3B1 and SDT-CW3B1 devices versions prior to 1.2.0
Telesquare SDT-CS3B1 and SDT-CW3B1 devices version 1.2.0
Description
The issue concerns a default factory account in the devices. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
Recommendations
For Telesquare SDT-CS3B1 and SDT-CW3B1 devices versions prior to 1.2.0, update to a version later than 1.2.0 to remove the default factory account.
For Telesquare SDT-CS3B1 and SDT-CW3B1 devices version 1.2.0, update to a version later than 1.2.0 to remove the default factory account.
As a temporary workaround, consider disabling TELNET access to the device until a patch is available.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sdt-Cs3B1
Sdt-Cw3B1