Vulnerability Description
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackbox | Icompel Firmware | >= 9.2.3, <= 11.1.4 |
| Blackbox | Icompel | - |
| Onelan | Net-Top-Box Firmware | >= 9.2.3, <= 11.1.4 |
| Onelan | Net-Top-Box | - |
Related Weaknesses (CWE)
References
- https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-cThird Party Advisory
- https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-cThird Party Advisory
FAQ
What is CVE-2019-15497?
CVE-2019-15497 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, H...
How severe is CVE-2019-15497?
CVE-2019-15497 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-15497?
Check the references section above for vendor advisories and patch information. Affected products include: Blackbox Icompel Firmware, Blackbox Icompel, Onelan Net-Top-Box Firmware, Onelan Net-Top-Box.