ID
VAR-201811-1124
TITLE
Multiple vulnerabilities in the Cradlepoint Router
Trust: 0.6
DESCRIPTION
Cradlepoint is the industry leader in 4G/LTE network modems and routers, providing the highest level of solution for enterprise 4G/LTD/Wi-Fi wireless networks and providing management services to ensure optimal network uptime . There are multiple vulnerabilities in CradlepointRouter. The attacker uses hard-coded backdoor credentials to reveal sensitive information such as the WLAN MAC of the target device, while the default password of the Cradlepoint router is four bytes after the WLAN MAC. If the user does not modify the default password, the attacker can use the default password to log in to the device's web management interface and perform a series of malicious operations, including executing commands in the sandbox, enabling SSH services, and so on.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cradlepoint | model: | router | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2018-22968 | Trust: 0.6 |
REFERENCES
| url: | https://seclists.org/fulldisclosure/2018/nov/22 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-22968 |
LAST UPDATE DATE
2022-05-04T10:26:21.457000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-22968 | date: | 2018-11-12T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-22968 | date: | 2018-11-12T00:00:00 |