CVE-2020-16134

Name of the Vulnerable Software and Affected Versions Swisscom Internet Box 2 versions prior to 10.04.38 Swisscom Internet Box Standard versions prior to 10.04.38 Swisscom Internet Box Plus versions prior to 10.04.38 Swisscom Internet Box 3 versions prior to 11.01.20 Swisscom Internet Box light versions prior to 08.06.06

Description An issue allows an attacker to create a user with elevated privileges on the Sysbus-API, given the credentials for the local Web interface or physical access to a device's plus or reset button. This can be used to modify local or remote SSH access, allowing a login session as the superuser.

Recommendations For Swisscom Internet Box 2 versions prior to 10.04.38, update to version 10.04.38 or later. For Swisscom Internet Box Standard versions prior to 10.04.38, update to version 10.04.38 or later. For Swisscom Internet Box Plus versions prior to 10.04.38, update to version 10.04.38 or later. For Swisscom Internet Box 3 versions prior to 11.01.20, update to version 11.01.20 or later. For Swisscom Internet Box light versions prior to 08.06.06, update to version 08.06.06 or later.