PT-2019-9596 · Patlite · Patlite Nh-Fb Series+1

Published: 2019-03-19 · Updated: 2019-09-09 · CVE-2018-18473

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
PATLITE NH-FB Series devices version 1.45 or earlier
PATLITE NH-FV Series devices version 1.10 or earlier
PATLITE NBM Series devices version 1.09 or earlier

Description
A hidden backdoor in the affected devices allows attackers to enable an SSH daemon using the kankichi or kamiyo4 password via the "secret1.htm" URI. This enables remote code execution, allowing an attacker to take over the system using the default root password for the root account.

Recommendations
For PATLITE NH-FB Series devices version 1.45 or earlier, update the firmware to a version later than 1.45.
For PATLITE NH-FV Series devices version 1.10 or earlier, update the firmware to a version later than 1.10.
For PATLITE NBM Series devices version 1.09 or earlier, update the firmware to a version later than 1.09.
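
For defenders reviewing traffic to these devices, the following added example (not part of the original advisory or of PATLITE's code) flags HTTP requests for the secret1.htm page named in the description, including case and percent-encoding variants. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

BACKDOOR_PAGE = "secret1.htm"  # URI named in the advisory description

# Assumed input: common/combined log format from a proxy or network sensor.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (private/documentation addresses), not real traffic.
SAMPLE_LOG = """\
10.20.0.15 - - [12/Mar/2019:08:14:02 +0000] "GET /index.htm HTTP/1.1" 200 512
203.0.113.9 - - [12/Mar/2019:08:15:40 +0000] "GET /secret1.htm HTTP/1.1" 200 301
203.0.113.9 - - [12/Mar/2019:08:15:52 +0000] "POST /SECRET1.HTM?x=1 HTTP/1.1" 200 88
198.51.100.7 - - [12/Mar/2019:09:01:11 +0000] "GET http://192.0.2.40/%73ecret1.htm HTTP/1.1" 404 0
10.20.0.15 - - [12/Mar/2019:09:05:00 +0000] "GET /docs/secret1.html HTTP/1.1" 404 0
"""

def requested_page(target: str) -> str:
    """Final path segment, lower-cased, query removed, percent-decoding undone."""
    path = urlsplit(target).path
    for _ in range(3):  # bounded loop also catches double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.rstrip("/").rsplit("/", 1)[-1].lower()

def find_backdoor_requests(log_text: str) -> dict:
    """Map each client address to the matching requests it made."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and requested_page(m["target"]) == BACKDOOR_PAGE:
            hits[m["client"]].append(
                (m["ts"], m["method"], m["target"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for client, reqs in find_backdoor_requests(SAMPLE_LOG).items():
        print(client, len(reqs), "request(s):", [r[2] for r in reqs])
```

Any hit is worth following up with a check for unexpected SSH listeners on the device and with the firmware update listed under Recommendations.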

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-18473

Affected Products

Patlite Nbm Series
Patlite Nh-Fb Series