PT-2020-16280 · Planet Technology · Nvr-1615+1
Published
2020-11-18
·
Updated
2024-08-04
·
CVE-2020-26097
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PLANET Technology Corp NVR-915 versions before 2020-10-28
PLANET Technology Corp NVR-1615 versions before 2020-10-28
Description
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. This issue only affects products that are no longer supported by the maintainer.
Recommendations
For PLANET Technology Corp NVR-915 versions before 2020-10-28, consider disabling telnet access to prevent remote root access.
For PLANET Technology Corp NVR-1615 versions before 2020-10-28, consider disabling telnet access to prevent remote root access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nvr-1615
Nvr-915