Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ONE by Cypress
CVE-2021-47744 (GCVE-0-2021-47744)
Vulnerability from nvd – Published: 2025-12-31 18:39 – Updated: 2026-01-02 16:23
VLAI
Title
Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root
Summary
Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50407 | exploit |
| https://www.cypress.bc.ca | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/cypress-solu… | third-party-advisory |
Date Public
2021-09-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T16:20:02.676254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T16:23:14.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ONE",
"vendor": "Cypress",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static \u0027Chameleon\u0027 password to gain remote root access via Telnet or SSH on affected devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:39:11.435Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50407",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50407"
},
{
"name": "Cypress Solutions Official Homepage",
"tags": [
"product"
],
"url": "https://www.cypress.bc.ca"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5686)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5686.php"
},
{
"name": "VulnCheck Advisory: Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cypress-solutions-ctm-ctm-one-hard-coded-credentials-remote-root"
}
],
"title": "Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47744",
"datePublished": "2025-12-31T18:39:11.435Z",
"dateReserved": "2025-12-31T02:09:17.953Z",
"dateUpdated": "2026-01-02T16:23:14.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47744 (GCVE-0-2021-47744)
Vulnerability from cvelistv5 – Published: 2025-12-31 18:39 – Updated: 2026-01-02 16:23
VLAI
Title
Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root
Summary
Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50407 | exploit |
| https://www.cypress.bc.ca | product |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://www.vulncheck.com/advisories/cypress-solu… | third-party-advisory |
Date Public
2021-09-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T16:20:02.676254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T16:23:14.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ONE",
"vendor": "Cypress",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2021-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static \u0027Chameleon\u0027 password to gain remote root access via Telnet or SSH on affected devices."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T18:39:11.435Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50407",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50407"
},
{
"name": "Cypress Solutions Official Homepage",
"tags": [
"product"
],
"url": "https://www.cypress.bc.ca"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2021-5686)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5686.php"
},
{
"name": "VulnCheck Advisory: Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cypress-solutions-ctm-ctm-one-hard-coded-credentials-remote-root"
}
],
"title": "Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47744",
"datePublished": "2025-12-31T18:39:11.435Z",
"dateReserved": "2025-12-31T02:09:17.953Z",
"dateUpdated": "2026-01-02T16:23:14.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}