Vulnerabilities > CVE-2024-31970 - Unspecified vulnerability in Adtran SDG Smartos

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

adtran

NVD

Published: 2024-07-24

Updated: 2024-07-25

Summary

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands.

Vulnerable Configurations

Part	Description	Count
OS	Adtran Adtran SDG Smartos *	1
Hardware	Adtran Adtran 834 5 -	1

References

https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5
https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970