Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials

Overview

Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials.

Description

CWE-255**: Credentials Management**** -**CVE-2016-6551

Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.

---

Impact

A remote attacker can take control of a device using default credentials.

---

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

---

Restrict access and use strong passwords

As a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.

---

Vendor Information

200907

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Intellian Technologies, Inc. Unknown

Updated: October 11, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	4.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
Temporal	4	E:F/RL:W/RC:ND
Environmental	3.0	CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

• <http://cwe.mitre.org/data/definitions/255.html&gt;
• <https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf&gt;

Acknowledgements

Thanks to Ory Segal and Ezra Caltum for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs:	CVE-2016-6551
Date Public:	2016-10-20 Date First Published: