PT-2024-5340 · Adtran · Adtran Srg 834-5
Edward Warren
·
Published
2024-04-08
·
Updated
2024-09-03
·
CVE-2024-31970
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AdTran SRG 834-5 devices with SmartOS versions prior to 12.1.3.1
Description
The affected devices ship with the default SSH credentials admin/admin, and that account carries root-level privileges. During the window between first boot and completion of initial setup, while these default credentials are still in place, a remote attacker who can reach the SSH service can authenticate as admin and execute arbitrary operating system commands as root. Once in, the attacker can persist that access by changing the existing admin account or by creating a new account with equivalent privileges.
Recommendations
For AdTran SRG 834-5 devices with SmartOS versions prior to 12.1.3.1, update to version 12.1.3.1 or later to resolve the issue. Until the update is applied, change the default admin/admin credentials immediately after setup, since the exposure exists only while the defaults are in place, and restrict access to the SSH service to trusted management networks so the device cannot be reached from untrusted hosts during that window.
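As an added example, not Adtran's code and not part of this advisory, the script below audits the two workaround conditions above across a fleet: whether a device still accepts the default admin/admin pair over SSH, and whether SSH is reachable from anything other than a management network. The real login path assumes the third-party paramiko library; the host addresses, the allowed-source lists and the fake accounts used in the offline demo are constructed input, since the advisory describes no configuration format for the device.

```python
"""Post-setup audit for default SSH credentials and SSH exposure.

Added example, not vendor code. Assumptions:
  - an SSH login attempt is a callable login(host, port, user, password) -> bool
    (True when the server accepts the credentials); the default implementation
    uses paramiko, a third-party library assumed to be installed; the demo
    swaps in a fake so it runs offline.
  - a device's SSH exposure is given as the list of source CIDRs it accepts
    SSH from (constructed input; the advisory names no such config format).
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple

# The default pair named in the advisory.
DEFAULT_CREDS = ("admin", "admin")

LoginFn = Callable[[str, int, str, str], bool]


def paramiko_login(host: str, port: int, username: str, password: str,
                   timeout: float = 5.0) -> bool:
    """Real SSH password attempt via paramiko (assumed installed)."""
    import paramiko  # lazy import so the offline demo does not need it
    client = paramiko.SSHClient()
    # Audit tool only: in production pin the device host key instead.
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        client.connect(host, port=port, username=username, password=password,
                       timeout=timeout, allow_agent=False, look_for_keys=False)
        return True
    except paramiko.AuthenticationException:
        return False
    finally:
        client.close()


@dataclass
class Finding:
    host: str
    default_creds_accepted: bool
    exposed_sources: List[str]  # allowed SSH sources outside management networks


def default_creds_accepted(host: str, port: int, login: LoginFn) -> bool:
    """True if the device still lets admin/admin in."""
    user, pw = DEFAULT_CREDS
    return login(host, port, user, pw)


def non_management_sources(allowed_sources: Iterable[str],
                           management_cidrs: Iterable[str]) -> List[str]:
    """Return allowed SSH source ranges not wholly inside a management network.

    0.0.0.0/0 (SSH reachable from anywhere) is the usual offender.
    """
    mgmt = [ipaddress.ip_network(c, strict=False) for c in management_cidrs]
    exposed = []
    for src in allowed_sources:
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.version == m.version and net.subnet_of(m) for m in mgmt):
            exposed.append(str(net))
    return exposed


def audit(devices: Iterable[Tuple[str, int, List[str]]],
          management_cidrs: Iterable[str],
          login: LoginFn = paramiko_login) -> List[Finding]:
    """Run both checks for every (host, port, allowed_sources) tuple."""
    mgmt = list(management_cidrs)
    return [
        Finding(host=host,
                default_creds_accepted=default_creds_accepted(host, port, login),
                exposed_sources=non_management_sources(sources, mgmt))
        for host, port, sources in devices
    ]


# Offline demo with constructed data: one device still on admin/admin and
# open to the world, one with a rotated password and SSH limited to mgmt.
FAKE_ACCOUNTS = {
    "10.0.0.5": {"admin": "admin"},
    "10.0.0.6": {"admin": "rotated-after-setup"},
}


def fake_login(host: str, port: int, username: str, password: str) -> bool:
    """Stand-in for paramiko_login that consults the constructed account table."""
    return FAKE_ACCOUNTS.get(host, {}).get(username) == password


DEMO_DEVICES = [
    ("10.0.0.5", 22, ["0.0.0.0/0"]),
    ("10.0.0.6", 22, ["10.0.100.0/24"]),
]
MGMT_NETWORKS = ["10.0.100.0/24"]


def demo() -> List[Finding]:
    return audit(DEMO_DEVICES, MGMT_NETWORKS, login=fake_login)


if __name__ == "__main__":
    for f in demo():
        problems = []
        if f.default_creds_accepted:
            problems.append("default admin/admin ACCEPTED")
        if f.exposed_sources:
            problems.append("SSH reachable from " + ", ".join(f.exposed_sources))
        print(f.host, "OK" if not problems else "; ".join(problems))
```

Run it against real devices by passing the default `paramiko_login` (or any other callable with the same signature) and your own device list; a device that reports "default admin/admin ACCEPTED" is still inside the exposure window the advisory describes, and any source range other than your management networks means the SSH restriction workaround has not been applied.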
Improper Authorization
Using Hardcoded Credentials
Incorrect Authorization
Related Identifiers
Affected Products
Adtran Srg 834-5