Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials.
CWE-255: Credentials Management - CVE-2016-6551
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.
A remote attacker can take control of a device using default credentials.
The CERT/CC is currently unaware of a practical solution to this problem.
Restrict access and use strong passwords
As a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.
Vendor| Status| Date Notified| Date Updated
Intellian Technologies, Inc.| | -| 11 Oct 2016
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P
Temporal | 4.0 | E:F/RL:W/RC:ND
Environmental | 3.0 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND
Thanks to Ory Segal and Ezra Caltum for reporting this vulnerability.
This document was written by Trent Novelly.