CVE-2022-1039

Name of the Vulnerable Software and Affected Versions DA50N (affected versions not specified)

Description The issue is related to weak password requirements on the web interface of the DA50N device. This weakness can be exploited remotely via HTTP or HTTPS, allowing an attacker to gain full access to the device. Once access is obtained, other passwords can be changed. Additionally, weak passwords on Linux accounts can be accessed via SSH or Telnet, with SSH being enabled by default on trusted interfaces. Although the SSH service does not support root login, a user can elevate to root access using the su command if they have the associated password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.