CVE-2009-3710

Riorey RIOS 4.7.0 - Hard-Coded Password

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.

RioRey RIOS v4.6.6 y v4.7.0 utiliza un nombre de usuario (dbadmin) y contraseña (sq!us3r) indocumentados, no modificables para un túnel SSH, que permite a atacantes remotos obtener privilegios a través del puerto 8022.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-10-08 First Exploit
2009-10-16 CVE Reserved
2009-10-16 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-255: Credentials Management Errors

CAPEC

References (4)

URL	Tag	Source
http://osvdb.org/58858	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/9858	2009-10-08
http://packetstormsecurity.org/0910-exploits/riorey-passwd.txt	2024-09-17

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/36971	2009-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Riorey Search vendor "Riorey"		Rios Search vendor "Riorey" for product "Rios"				4.6.6 Search vendor "Riorey" for product "Rios" and version "4.6.6"		-		Affected
Riorey Search vendor "Riorey"		Rios Search vendor "Riorey" for product "Rios"				4.7.0 Search vendor "Riorey" for product "Rios" and version "4.7.0"		-		Affected