CVE-2023-2611

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.22

Description The issue is related to the use of hard-coded credentials in Advantech R-SeeNet. This allows a remote attacker to exploit the vulnerability and gain elevated privileges. The software comes with a hidden root-level user that is not available in the users list, and this user has a password that cannot be changed by users. The credentials for this hidden user are username: root and password: conel.

Recommendations For Advantech R-SeeNet version 2.4.22, consider changing the hard-coded password for the hidden root-level user to a unique and secure password as soon as possible. As a temporary workaround, restrict access to the root-level user until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.