Vulnerability CVE-2014-7279

Vulnerability CVE-2014-7279

Published: 2017-03-23

Description:

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Konke Smart Plug K Authentication Bypass Vulnerability	gamehacker&z...	30.10.2014

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Kankunit -> Konke smart plug firmware

References:

http://www.exploit-db.com/exploits/35103

Copyright 2024, cxsecurity.com