CVE-2018-5399

Name of the Vulnerable Software and Affected Versions Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7

Description The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a hard-coded username and password combination of root / amroot, and it uses password-only authentication. An attacker can exploit this issue to gain root access to the Angstrom Linux operating system, allowing modification of any binaries or configuration files in the firmware.

Recommendations For versions prior to 3.7 on ARMv7, update to version 3.7 or later to resolve the issue. As a temporary workaround, consider disabling the Dropbear SSH server until a patch is available. Restrict access to Port 22 to minimize the risk of exploitation. Avoid using the hard-coded username and password combination until the issue is resolved.