FKIE_CVE-2021-37555

Vulnerability from fkie_nvd - Published: 2021-07-26 21:15 - Updated: 2024-11-21 06:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
References
cve@mitre.orghttp://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520Third Party Advisory
Impacted products
Vendor Product Version
trixie tx9_automatic_food_dispenser_firmware 3.2.57
trixie tx9_automatic_food_dispenser -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:trixie:tx9_automatic_food_dispenser_firmware:3.2.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "428AD7CC-4929-4B2E-92A7-D88467A6C803",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:trixie:tx9_automatic_food_dispenser:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FBB0F0-0B4D-4B21-B1CF-59C8C6FD6D06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc)."
    },
    {
      "lang": "es",
      "value": "Los dispositivos TX9 Automatic Food Dispenser v3.2.57, permiten acceso a un shell como root/superusuario, un problema relacionado con CVE-2019-16734. Para conectarse, el servicio telnet es usado en el puerto 23 con la contrase\u00f1a predeterminada 059AnkJ para la cuenta root. El usuario puede entonces descargar el sistema de archivos mediante las utilidades preinstaladas de BusyBox (por ejemplo, tar y nc)"
    }
  ],
  "id": "CVE-2021-37555",
  "lastModified": "2024-11-21T06:15:24.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-26T21:15:17.047",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.