Lucene search

[email protected]CVE-2009-3710

HistoryOct 16, 2009 - 4:30 p.m.

CVE-2009-3710

2009-10-1616:30:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2009-3710

riorey rios

ssh tunnel

hard-coded credentials

remote attackers

privileges

nvd

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.

CPENameOperatorVersion
riorey:riosriorey rioseq4.7.0
riorey:riosriorey rioseq4.6.6

CPE	Name	Operator	Version
riorey:rios	riorey rios	eq	4.7.0
riorey:rios	riorey rios	eq	4.6.6

References

osvdb.org/58858

packetstormsecurity.org/0910-exploits/riorey-passwd.txt

secunia.com/advisories/36971

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2009-3710

prion1 nessus1