The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
https://www.sec-research.com/1604584604-hard-coded-credentials-in-netzwerk-videorekorder-planet-nvr-915.html | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
Summary | The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
Information
Published : 2020-11-18 18:15
Updated : 2024-08-04 16:15
NVD link : CVE-2020-26097
Mitre link : CVE-2020-26097
CVE.ORG link : CVE-2020-26097
JSON object : View
Products Affected
planet
- nvr-1615
- nvr-1615_firmware
- nvr-915_firmware
- nvr-915
CWE
CWE-798
Use of Hard-coded Credentials