CVE-2024-31970

July 24, 2024, 5:12 p.m.

Tags

cve@mitre.org
2024-07-24
CVE-2024-31970

Product(s) Impacted

AdTran SRG 834-5 HDC17600021F1 devices

  • 11.1.1.1
  • 12.1.3.1

Description

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands.

Weaknesses

Date

Published: July 24, 2024, 4:15 p.m.

Last Modified: July 24, 2024, 5:12 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970
cve@mitre.org
https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5
cve@mitre.org