PT-2021-9837 · Mofi Network+1 · Mofi4500-4Gxelte+1
Published
2021-02-01
·
Updated
2024-05-03
·
CVE-2020-15833
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mofi Network MOFI4500-4GXeLTE version 4.1.5-std
Description
An issue was discovered where the Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
Recommendations
For version 4.1.5-std, consider disabling the Dropbear SSH daemon until a patch is available to prevent unauthorized root access. Restrict access to the device to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mofi4500-4Gxelte