← Back to CVEs
CVE-2021-37555
CRITICAL9.8
Description
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/26/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
trixie:tx9_automatic_food_dispensertrixie:tx9_automatic_food_dispenser_firmware
Weaknesses (CWE)
CWE-798
References
http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520(cve@mitre.org)
http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.