Hardcoded Credentials in Automatic-Systems SOC FL9600 FastLine

vendor:

SOC FL9600 FastLine

by:

Mike Jankowski-Lorek, Marcin Kozlowski / Cqure

6.1

CVSS

HIGH

Hardcoded Credentials

798

CWE

Product Name: SOC FL9600 FastLine

Affected Version From: V06

Affected Version To: V06

Patch Exists: NO

Related CWE: CVE-2023-37608

CPE: automatic-systems:soc_fl9600_fastline:v06

Metasploit:

Other Scripts:

Platforms Tested:

2023

Hardcoded Credentials in Automatic-Systems SOC FL9600 FastLine

Automatic Systems SOC FL9600 FastLine V06 device contains hardcoded login credentials for the super admin account, which cannot be changed. An attacker can exploit this vulnerability to gain sensitive information using the following credentials: Login: automaticsystems, Password: astech. This vulnerability is identified as CVE-2023-37608.

Mitigation:

To mitigate this vulnerability, it is recommended to contact the vendor for a patch or update that removes the hardcoded credentials or allows the admin to change them.

Source

Exploit-DB raw data:

# Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
# Google Dork: 
# Date: 12/9/2023
# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure
# Vendor Homepage: http://automatic-systems.com
# Software Link: 
# Version: V06
# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a
# CVE : CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FastLine version:V06 a remote attacker to obtain sensitive information via the admin login credentials.

The device contains hardcoded login and password for super admin. The administrator cannot change the password for this account.

Login: automaticsystems
Password: astech