PT-2024-1516 · Vinchin · Vinchin Backup & Recovery
Valentin Lobstein · Published 2024-02-01 · Updated 2025-05-15
CVE-2024-22902
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vinchin Backup & Recovery version 7.2
Description
The issue is related to the use of default root credentials in Vinchin Backup & Recovery. This could allow a remote attacker to gain elevated privileges to the level of a root user by connecting with the default credentials via the SSH protocol.
Recommendations
For Vinchin Backup & Recovery version 7.2, change the default root credentials to secure ones as soon as possible to prevent potential exploitation. Consider restricting SSH access until the credentials are changed.
Exploit
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Vinchin Backup & Recovery