exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor
Posted May 19, 2017
Authored by Ian Ling

Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.

tags | exploit
advisories | CVE-2015-0936
SHA-256 | 19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor

Change Mirror Download
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/160817658078

Vendor:
=================
https://www.ceragon.com


Products:
======================
Ceragon FibeAir IP-10 (<=7.2.0) (latest version)


Vulnerability Types:
===================
Hidden User Backdoor


Vulnerability Details:
=====================
Ceragon FibeAir IP-10 wireless radios contain a hidden user account with
a default password set by the vendor. This user can be accessed via both
the web interface and SSH. In the web interface, this simply grants an
attacker read-only access to the deviceas settings. However, when using
SSH, this user gives an attacker access to a Linux shell.

While the mateidu user does not have root privileges in the Linux shell,
these devices run an outdated Linux kernel that may be vulnerable to
privilege escalation exploits.

The vendor recommends that users alog as mateidu user and change the
password via the GUI this will close the old internal protection port
access. [sic]a

The mateidu useras password is the same as its username.

This vulnerability is similar to CVE-2015-0936, which detailed the
discovery of an RSA key pair that allowed an attacker to log in as the
mateidu user via SSH.


Disclosure Timeline:
===================================
2017/05/12 - Contacted vendor
2017/05/14 - Vendor acknowledges report
2017/05/16 - Vendor sends their recommendation
2017/05/18 - Publicly disclosed


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close