PT-2021-21715 · Unknown+1 · Tx9 Automatic Food Dispenser+1
Published
2021-07-26
·
Updated
2024-02-13
·
CVE-2021-37555
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TX9 Automatic Food Dispenser version 3.2.57
Description
The issue allows access to a shell as root/superuser. To connect, the telnet service is used on port 23 with the default password
059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities, such as tar and nc.Recommendations
For TX9 Automatic Food Dispenser version 3.2.57, change the default password
059AnkJ for the root account to prevent unauthorized access. Consider disabling the telnet service on port 23 until a more secure method of access is implemented. As a temporary workaround, restrict access to the preinstalled BusyBox utilities, such as tar and nc, to minimize the risk of exploitation.Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Busybox
Tx9 Automatic Food Dispenser