PT-2024-30088 · H3C · H3C Magic B1St
Published
2024-08-16
·
Updated
2024-09-11
·
CVE-2024-42638
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
H3C Magic B1ST version v100R012
Description
A hardcoded password vulnerability was discovered in /etc/shadow, allowing attackers to log in as root. This issue affects the H3C Magic B1ST device, potentially allowing unauthorized access.
Recommendations
For H3C Magic B1ST version v100R012, consider changing the hardcoded password in /etc/shadow to a unique and secure password to prevent unauthorized access. As a temporary workaround, restrict root login access until a patch is available.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
H3C Magic B1St