Main Vulnerability Database Vulnerabilities #VU19381

Use of hard-coded credentials in Akuvox R50P - CVE-2019-12327

Published: July 26, 2019

Vulnerability identifier: #VU19381

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2019-12327

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Akuvox R50P

Software vendor:
Akuvox

Description

The vulnerability allows a remote attacker to gain full access to vulnerable device.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote authenticated attacker can get access to the device via telnet running on port 23.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_Akuvox_R50P.pdf

Use of hard-coded credentials in Akuvox R50P - CVE-2019-12327

Description

Remediation

External links

Please verify you're human