Green Packet DX-350 contains insecure default credentials

Overview

Green Packet DX-350 uses default credentials

Description

CWE-255**: Credentials Management -**CVE-2016-6552

Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.

---

Impact

A remote attacker can take complete control of a device using default admin credentials.

---

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

---

Restrict access and use strong passwords

As a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.

---

Vendor Information

970379

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Green Packet Unknown

Updated: October 11, 2016

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	6.9	AV:L/AC:M/Au:N/C:C/I:C/A:C
Temporal	6.2	E:F/RL:W/RC:ND
Environmental	4.7	CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

• <http://cwe.mitre.org/data/definitions/255.html&gt;
• <https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf&gt;

Acknowledgements

Thanks to Ory Segal and Ezra Caltum for reporting this vulnerability.

This document was written by Trent Novelly.

Other Information

CVE IDs:	CVE-2016-6552
Date Public:	2016-10-20 Date First Published: