PT-2024-4478 · Westermo · Westermo Edw-100

Published: 2024-05-03 · Updated: 2024-08-20 · CVE-2024-36080

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Westermo EDW-100 devices through 2024-05-03

Description

The issue is related to a hidden root user account with a hardcoded password that cannot be changed in Westermo EDW-100 devices. This could allow a remote attacker to disclose information about the username and password for the root account. The Westermo EDW-100 is a serial-to-Ethernet converter and should not be placed at the edge of the network.

Recommendations

For Westermo EDW-100 devices through 2024-05-03, consider disabling the root user account until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device at the edge of the network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-04980
CVE-2024-36080

Affected Products

Westermo Edw-100