Executive Summary
Summary | |
---|---|
Title | DSL routers contain hard-coded "XXXXairocon" credentials |
Informations | |||
---|---|---|---|
Name | VU#950576 | First vendor Publication | 2015-08-25 |
Vendor | VU-CERT | Last vendor Modification | 2015-08-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#950576DSL routers contain hard-coded "XXXXairocon" credentialsOverviewDSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded "XXXXairocon" credentials Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Walter Mostosi for reporting the issue affecting ASUS devices, Naresh LamGarde for DIGICOM devices, and to Eskie Cirrus James Maquilang for PLDT devices. Thanks again to Cesar Neira for reporting the issue in ZTE devices, and to Jose Antonio Rodriguez Garcia for disclosing the Observa Telecom vulnerability to Full Disclosure. This document was written by Joel Land and Garret Wassermann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/950576 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 |
ExploitDB Exploits
id | Description |
---|---|
2014-02-09 | ZTE ZXV10 W300 Router - Hardcoded Credentials |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-05 | Name : The remote device is using a known set of hard-coded credentials. File : zte_zxv10_backdoor.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-06-29 01:31:23 |
|
2015-08-27 21:26:39 |
|
2015-08-27 17:37:18 |
|
2015-08-26 00:22:36 |
|