PT-2024-2712 · Adtran · Adtran Netvanta 3120
Edward Warren
·
Published
2024-03-26
·
Updated
2024-10-28
·
CVE-2024-28093
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AdTran NetVanta 3120 version 18.01.01.00.E
Description
The issue is related to the TELNET service of AdTran NetVanta 3120 devices, which is enabled by default and has default credentials for a root-level account. This is associated with weaknesses in access control. Exploitation of the issue may allow a remote attacker to gain unauthorized access to the device.
Recommendations
For AdTran NetVanta 3120 version 18.01.01.00.E, consider disabling the TELNET service or restricting access to it as a temporary workaround until a patch is available. Apply patches as soon as possible to fully resolve the issue.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Adtran Netvanta 3120