← Voltar para CVEs
CVE-2021-37555
CRITICAL9.8
Descricao
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/26/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
trixie:tx9_automatic_food_dispensertrixie:tx9_automatic_food_dispenser_firmware
Fraquezas (CWE)
CWE-798
Referencias
http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520(cve@mitre.org)
http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.