CVE-2018-5399

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running and is configured with a hard-coded credentials

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.

El firmware de Auto-Maskin DCU 210E contiene un servidor Dropbear SSH no documentado, v2015.55, configurado para escuchar en el puerto 22 mientras se está ejecutando DCU. El servidor DCU está configurado con una combinación embebida de nombre de usuario y contraseña de root/amroot. El servidor está configurado para emplear solo contraseñas en lugar de claves criptográficas; sin embargo, la imagen del firmware contiene una clave de host RSA para el servidor. Un atacante puede explotar esta vulnerabilidad para obtener acceso root al sistema operativo Angstrom Linux y modificar cualquier binario o archivo de configuración en el firmware. Las versiones afectadas son Auto-Maskin DCU-210E RP-210E: versiones anteriores a la 3.7 en ARMv7.

*Credits: Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-01-12 CVE Reserved
2018-10-08 CVE Published
2024-07-16 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source
https://www.kb.cert.org/vuls/id/176301	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-051-04	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Auto-maskin Search vendor "Auto-maskin"	Dcu-210e Firmware Search vendor "Auto-maskin" for product "Dcu-210e Firmware"	< 3.7 Search vendor "Auto-maskin" for product "Dcu-210e Firmware" and version " < 3.7"	-	Affected	in	Auto-maskin Search vendor "Auto-maskin"	Dcu-210e Search vendor "Auto-maskin" for product "Dcu-210e"	-	-	Safe
Auto-maskin Search vendor "Auto-maskin"	Rp-210e Firmware Search vendor "Auto-maskin" for product "Rp-210e Firmware"	< 3.7 Search vendor "Auto-maskin" for product "Rp-210e Firmware" and version " < 3.7"	-	Affected	in	Auto-maskin Search vendor "Auto-maskin"	Rp-210e Search vendor "Auto-maskin" for product "Rp-210e"	-	-	Safe