CVE-2024-31970
July 24, 2024, 5:12 p.m.
Tags
Product(s) Impacted
AdTran SRG 834-5 HDC17600021F1 devices
- 11.1.1.1
- 12.1.3.1
Description
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands.
Weaknesses
Date
Published: July 24, 2024, 4:15 p.m.
Last Modified: July 24, 2024, 5:12 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
cve@mitre.org