• Здраво и добредојдовте на форумот на IT.mk.

    Доколку сеуште не сте дел од најголемата заедница на ИТ професионалци и ентузијасти во Македонија, можете бесплатно да се - процесот нема да ви одземе повеќе од 2-3 минути, а за полесна регистрација овозможивме и регистрирање со Facebook и Steam.

Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root

  • Ја почнал/а темата
  • #1

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
673
516
www.zeroscience.mk
Код:
Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root


Vendor: Adtec Digital, Inc.
Product web page: https://www.adtecdigital.com
                  https://www.adtecdigital.com/support/documents-downloads
Affected version: SignEdje Digital Signage Player v2.08.28
                  mediaHUB HD-Pro High & Standard Definition MPEG2 Encoder v3.07.19
                  afiniti Multi-Carrier Platform v1905_11
                  EN-31 Dual Channel DSNG Encoder / Modulator v2.01.15
                  EN-210 Multi-CODEC 10-bit Encoder / Modulator v3.00.29
                  EN-200 1080p AVC Low Latency Encoder / Modulator v3.00.29
                  ED-71 10-bit / 1080p Integrated Receiver Decoder v2.02.24
                  edje-5110 Standard Definition MPEG2 Encoder v1.02.05
                  edje-4111 HD Digital Media Player v2.07.09
                  Soloist HD-Pro Broadcast Decoder v2.07.09
                  adManage Traffic & Media Management Application v2.5.4

Summary: Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and
solutions.

Desc: The devices utilizes hard-coded and default credentials within its Linux distribution
image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging
in using the default credentials for accessing the web interface or gain shell access as root.

Tested on: GNU/Linux 4.1.8 (armv7l)
           GNU/Linux 3.12.38 (PowerPC)
           GNU/Linux 2.6.14 (PowerPC)
           Adtec Embedded Linux 0.9 (fido)
           Apache


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5603
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5603.php


24.07.2020

--


Creds:
------

adtec:none:500:1000:adtec:/media:/bin/sh
admin:1admin!:502:502:admin:/home/admin:/bin/sh
root1:1root!:0:0:root:/root:/bin/sh
adtecftp:adtecftp2231
 

Нови мислења

Последни Теми

Статистика

Теми
42,572
Мислења
820,881
Членови
28,235
Најнов член
NikolaJovcevski
На врв Дно