3 matches found
CVE-2018-16158
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins to uid 0 via the PubkeyAuthentication...
CVE-2018-16158
creationtimestamp| type| source ---|---|--- 2018-11-21 22:45:32+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/eatonxpertbackdoor.rb 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:05+00:00| seen|...
CVE-2018-16158
CVE-2018-16158 affects Eaton Power Xpert Meter 4000, 6000, and 8000 devices prior to firmware 13.4.0.10. A single SSH private key is shared across different customers’ installations and access to this key is not properly restricted, enabling remote attackers to log in via PubkeyAuthentication as ...