PT-2020-8625 · Ingenico · Ingenico Telium 2
Aleksey Stennikov
+5
·
Published
2020-09-09
·
Updated
2022-10-07
·
CVE-2018-17771
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N
Description:
The issue concerns hardcoded FTP credentials in Ingenico Telium 2 POS terminals. This allows unauthorized access. The problem is fixed in Telium 2 SDK v9.32.03 patch N.
Recommendations:
For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the FTP credentials until the patch is applied.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ingenico Telium 2