Cypress CTM-200/CTM-ONE 硬编码凭证远程Root访问漏洞

Vulnerability ID: ZSL-2021-5686 Title: Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH) Type: Local/Remote Impact: System Access, DoS Risk: (5/5) Release Date: 10.10.2021 Summary: - CTM-200 and CTM-ONE are industrial cellular wireless gateways vulnerable to hard-coded credentials in their Linux distribution image. Affected Versions: - CTM-ONE (1.3.6-latest) - CTM-ONE (1.3.1) - CTM-ONE (1.1.9) - CTM200 (2.7.1.5659-latest) - CTM200(2.0.5.3356-184) Vendor Status: - Vulnerability discovered on [21.09.2021] - Vendor contacted on [23.09.2021] - No response from the vendor on [09.10.2021] - Public security advisory released on [10.10.2021] Proof of Concept (PoC): - cypress_ssh.py References: - [1] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php - [2] https://www.exploit-db.com/exploits/50407 - [3] https://packetstormsecurity.com/files/164466 - [4] https://cxsecurity.com/issue/WLB-2021100052 - [5] https://exchange.xforce.ibmcloud.com/vulnerabilities/211080 Contact: - Web: https://www.zeroscience.mk - E-mail: lab@zeroscience.mk

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Cypress CTM-200/CTM-ONE 硬编码凭证远程Root访问漏洞

目标达成感谢每一位支持者 — 我们达成了 100% 目标！