CVE-2021-47744

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200/CTM-ONE version 1.3.6

Description The software contains a hard-coded credential issue in its Linux distribution, exposing root access. An attacker can exploit the static password 'Chameleon' to gain remote root access via Telnet or SSH on affected devices.

Recommendations Change the default 'Chameleon' password to a strong, unique password. Disable Telnet access and rely on SSH for remote administration. Restrict SSH access to authorized users and networks.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2021-47744

Affected Products

Cypress Solutions Ctm-200

Cypress Solutions Ctm-One

CVE-2021-47744

Weakness Enumeration

Related Identifiers

Affected Products

References · 8