Vulnerability Description
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Because the same default cryptographic keys are shared across multiple devices, attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/76d31798e65c9f47/original/Security-Bulletin-SSH-SSL-
- https://www.vulncheck.com/advisories/hirschmann-hilcos-hard-coded-credentials-ss
FAQ
What is CVE-2015-10148?
CVE-2015-10148 is a vulnerability with a CVSS score of 8.2 (HIGH). Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remot...
How severe is CVE-2015-10148?
CVE-2015-10148 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-10148?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.