PT-2020-12956 · Openwrt+1

Ilya Shaposhnikov · Published 2020-04-21 · Updated 2024-08-04 · CVE-2020-11965

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IQrouter versions 3.3.1 and earlier

Description
The issue allows attackers to gain full remote access via SSH due to a root user without a password. This can occur on a brand-new network that has not been configured, specifically after initiating the forced initial configuration but before setting a secure password on the system. It is noted that this condition is also true for any unconfigured release of OpenWRT and many other new Linux distributions prior to their first configuration.

Recommendations
For IQrouter versions 3.3.1 and earlier, set a secure password on the system during the initial configuration to prevent unauthorized access. As a temporary workaround, consider disabling remote SSH access until a secure password is set.
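
One way to check a device for the state described above, as an added example that is not part of the advisory or vendor code: it reads a shadow file and a dropbear UCI config and reports when root has an empty password while SSH password login for root is enabled. The function names and the sample files are constructed for illustration, and treating an absent dropbear option as enabled is an assumption.

```shell
#!/bin/sh
# Added example (not vendor code): flag the state the advisory describes,
# a root account with an empty password while SSH password login is enabled.

# Print the state of root's password field in a shadow file: empty|locked|set|missing
root_password_state() {
    awk -F: '$1 == "root" {
        found = 1
        if ($2 == "") print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else print "set"
        exit
    }
    END { if (!found) print "missing" }' "$1"
}

# Print on|off for a dropbear UCI option. Assumption: an absent option counts as on.
dropbear_opt() {
    awk -v name="$2" '
        $1 == "option" && $2 == name { v = $3; gsub(/[^A-Za-z0-9]/, "", v); val = tolower(v) }
        END { if (val ~ /^(off|0|no|false|disabled)$/) print "off"; else print "on" }' "$1"
}

# audit SHADOW DROPBEAR_CFG: print a verdict; return 1 when the device is exposed
audit() {
    pw=$(root_password_state "$1")
    pa=$(dropbear_opt "$2" PasswordAuth)
    rpa=$(dropbear_opt "$2" RootPasswordAuth)
    if [ "$pw" = empty ] && [ "$pa" = on ] && [ "$rpa" = on ]; then
        echo "EXPOSED: root has no password and dropbear accepts root password logins"
        return 1
    fi
    echo "ok: root=$pw PasswordAuth=$pa RootPasswordAuth=$rpa"
}

# Constructed sample files (not taken from a real device)
demo=$(mktemp -d)
printf 'root:::0:99999:7:::\ndaemon:*:0:0:99999:7:::\n' > "$demo/shadow.unconfigured"
printf 'root:$1$CONSTRUCTED$placeholderhash:18000:0:99999:7:::\n' > "$demo/shadow.configured"
printf "config dropbear\n\toption PasswordAuth 'on'\n\toption RootPasswordAuth 'on'\n\toption Port '22'\n" > "$demo/dropbear.default"
printf "config dropbear\n\toption PasswordAuth 'off'\n\toption Port '22'\n" > "$demo/dropbear.keysonly"

audit "$demo/shadow.unconfigured" "$demo/dropbear.default"  || true
audit "$demo/shadow.unconfigured" "$demo/dropbear.keysonly" || true
audit "$demo/shadow.configured"   "$demo/dropbear.default"  || true
```

On an OpenWrt-based device the same function would be pointed at /etc/shadow and /etc/config/dropbear.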

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-11965

Affected Products

Iqrouter
Openwrt