Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. NOTE: The vendor has disputed this, finding the report not applicable. According to AdTran, SSH has never been accessible (from WAN) on SmartOS official builds. Furthermore, the vendor adds that test build 11.1.0.101-202106231430 was never released to end users.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AdTran SRG 834-5 HDC17600021F1 安全漏洞
Vulnerability Description
AdTran SRG 834-5 HDC17600021F1是美国Adtran的一款千兆以太网网关 AdTran SRG 834-5 HDC17600021F1 SmartOS 11.1.1.1版本存在安全漏洞,该漏洞源于设备默认启用了SSH,导致攻击者可通过修改现有管理员帐户或创建具有同等权限的新帐户来获得未经授权的root访问权限。
CVSS Information
N/A
Vulnerability Type
N/A