Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx series: version 6.61.0040 - CCT-1668: version 6.56.0430 - MAC-6400: version 6.56.0430 - CXS-0424: version 6.30.0510 The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below: - CCT-1668 (CCT1CPU) - MAC-6400 - CXS-0424 These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials.