Vulnerability CVE-2019-9160
Published: 2019-04-18   Modified: 2019-04-19

Description:
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).

Type:

CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Xinruidz -> Sundray wan controller firmware 

 References:
http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680
Copyright 2024, cxsecurity.com

 

Back to Top