PT-2021-7252 · Infiray · Infiray Iray-A8Z3

F. Lienhart

Published

2021-02-01

Updated

2022-07-25

CVE-2022-31211

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Infiray IRAY-A8Z3 version 1.0.957

Description An issue was discovered in Infiray IRAY-A8Z3, where there is a blank root password for TELNET by default. This allows an attacker to gain root privileges by connecting through port 23.

Recommendations For Infiray IRAY-A8Z3 version 1.0.957, consider changing the root password for TELNET to prevent unauthorized access. As a temporary workaround, restrict access to port 23 to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-284CWE-521

Related Identifiers

BDU:2022-04188

CVE-2022-31211

Affected Products

Infiray Iray-A8Z3

PT-2021-7252 · Infiray · Infiray Iray-A8Z3

CVE-2022-31211

Weakness Enumeration

Related Identifiers

Affected Products

References · 7