CVE-2020-26097

Опубликовано: 18 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

https://www.sec-research.com/1604584604-hard-coded-credentials-in-netzwerk-videorekorder-planet-nvr-915.html
Exploit
Third Party Advisory
https://www.sec-research.com/1604584604-hard-coded-credentials-in-netzwerk-videorekorder-planet-nvr-915.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:planet:nvr-915_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:planet:nvr-915:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:planet:nvr-1615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:planet:nvr-1615:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00389

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-g48h-whqf-89hj