Vulnerability Description
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telesquare | Sdt-Cs3B1 Firmware | <= 1.2.0 |
| Telesquare | Sdt-Cs3B1 | - |
| Telesquare | Sdt-Cw3B1 Firmware | <= 1.2.0 |
| Telesquare | Sdt-Cw3B1 | - |
Related Weaknesses (CWE)
References
- https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27284Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-18-106Third Party Advisory
- https://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27284Third Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-18-106Third Party Advisory
FAQ
What is CVE-2018-12526?
CVE-2018-12526 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
How severe is CVE-2018-12526?
CVE-2018-12526 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-12526?
Check the references section above for vendor advisories and patch information. Affected products include: Telesquare Sdt-Cs3B1 Firmware, Telesquare Sdt-Cs3B1, Telesquare Sdt-Cw3B1 Firmware, Telesquare Sdt-Cw3B1.