CVSS2: 9.3 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.257 Low (Percentile: 96.6%)
DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded "XXXXairocon" credentials
CWE-798: Use of Hard-coded Credentials
DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and Kasda KW58293, and ZTE ZXV10 W300, contain hard-coded credentials that are usable in the telnet service on the device. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is "admin"; in the PLDT devices, the username is "adminpldt"; and in all affected devices, the password is "XXXXairocon", where "XXXX" is the last four characters of the device's MAC address. The MAC address may be obtainable over SNMP with community string "public".
The vulnerability was previously disclosed in VU#228886 and assigned CVE-2014-0329 for ZTE ZXV10 W300, but it was not known at the time that the same vulnerability affected products published by other vendors. The Observa Telecom RTA01N was previously disclosed on the Full Disclosure mailing list.
A remote attacker may utilize these credentials to gain administrator access to the device.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround:
Restrict access
Enable firewall rules so the telnet service of the device is not accessible to untrusted sources. Enable firewall rules that block SNMP on the device.
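To check that the workaround is actually holding, the following added example (not part of the CERT/CC note) audits firewall flow records for accepted telnet connections from untrusted sources and for any accepted SNMP traffic to a router. The record format, IP addresses, trusted network and function names are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): records are "src dst proto dport action",
# the trusted management network is 192.168.1.0/24, and the router owns these IPs.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
ROUTER_IPS = {ipaddress.ip_address("192.168.1.1"),
              ipaddress.ip_address("203.0.113.10")}

# (protocol, port) -> (service name, may trusted sources reach it?)
# The workaround restricts telnet to trusted sources and blocks SNMP outright.
RESTRICTED = {("tcp", 23): ("telnet", True), ("udp", 161): ("snmp", False)}

# Constructed sample flow records, including one malformed line.
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.1 tcp 23 ACCEPT
198.51.100.7 203.0.113.10 tcp 23 ACCEPT
198.51.100.7 203.0.113.10 udp 161 ACCEPT
192.168.1.50 192.168.1.1 udp 161 ACCEPT
198.51.100.9 203.0.113.10 tcp 23 DROP
198.51.100.7 203.0.113.10 tcp 443 ACCEPT
malformed line
"""

def is_trusted(src):
    """True if the source address is inside a trusted management network."""
    return any(src in net for net in TRUSTED_NETS)

def find_exposures(flow_text):
    """Return (line number, service, src, dst) for flows that violate the workaround."""
    findings = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        src_s, dst_s, proto, dport_s, action = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            dport = int(dport_s)
        except ValueError:
            continue  # unparsable address or port
        rule = RESTRICTED.get((proto.lower(), dport))
        if rule is None or dst not in ROUTER_IPS or action.upper() != "ACCEPT":
            continue
        service, trusted_allowed = rule
        if trusted_allowed and is_trusted(src):
            continue  # telnet from the management network is permitted
        findings.append((lineno, service, src_s, dst_s))
    return findings

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_FLOWS):
        print("exposed: line %d %s %s -> %s" % finding)
```

Any finding means a firewall rule from the workaround is missing or is not matching the traffic it was meant to block.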
950576
Notified: May 04, 2015 Updated: August 25, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
The Asus DSL-N12E is affected.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23950576 Feedback>).
Updated: August 25, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
DIGICOM DG-5624T is affected.
Updated: August 25, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Observa Telecom RTA01N is affected.
Notified: June 02, 2015 Updated: August 27, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 are affected.
Notified: December 03, 2013 Updated: August 25, 2015
Statement Date: March 12, 2014
Affected
"According to the vulnerability found in ZTE ZXV10 W300 router version 2.1.0, a mitigation measure has been adopted in the W300 general frame structure versions after 2011, which means the ZTE ZXV10 W300 router produced since 2011 has closed the telnet default function to avoid the information security incident caused by such vulnerability. If any customer has a special requirement, please follow the instructions in our product manual to open the telnet function, but ZTE will not bear the legal liability for any security incident loss that might be the consequence of this operation. If you have any questions please contact us by calling our 24h service hotline +86-755-26770188."
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 8 | E:POC/RL:U/RC:UR |
Environmental | 6.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Walter Mostosi for reporting the issue affecting ASUS devices, Naresh LamGarde for DIGICOM devices, and to Eskie Cirrus James Maquilang for PLDT devices. Thanks again to Cesar Neira for reporting the issue in ZTE devices, and to Jose Antonio Rodriguez Garcia for disclosing the Observa Telecom vulnerability to Full Disclosure.
This document was written by Joel Land and Garret Wassermann.
CVE IDs: | None |
---|---|
Date Public: | 2015-08-25 |
Date First Published: | |