Описание
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:usr:usr-g808_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g808:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:usr:usr-g807_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g807:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:usr:usr-g806_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g806:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:usr:usr-g800v2_firmware:1.0.36:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-g800v2:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:usr:usr-lg220-l_firmware:1.2.7:*:*:*:*:*:*:*
cpe:2.3:h:usr:usr-lg220-l:-:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00643
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.
EPSS
Процентиль: 70%
0.00643
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-798