Automatic-Systems SOC FL9600 FastLine Hardcoded Super Admin Credentials

vendor:

SOC FL9600 FastLine

by:

Mike Jankowski-Lorek, Marcin Kozlowski / Cqure

6.1

CVSS

HIGH

Hardcoded Credentials

798

CWE

Product Name: SOC FL9600 FastLine

Affected Version From: V06

Affected Version To: V06

Patch Exists: NO

Related CWE: CVE-2023-37608

CPE: automatic-systems:soc_fl9600_fastline:v06

Metasploit:

Other Scripts:

Platforms Tested:

2023

Automatic-Systems SOC FL9600 FastLine Hardcoded Super Admin Credentials

The Automatic Systems SOC FL9600 FastLine device with version V06 contains hardcoded login credentials for a super admin account. An attacker can exploit this vulnerability to access sensitive information using the admin login credentials.

Mitigation:

It is recommended to contact the vendor for a patch or update that removes the hardcoded credentials. Meanwhile, users can implement network segmentation and access controls to limit exposure.

Source

Exploit-DB raw data:

# Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
# Google Dork: 
# Date: 12/9/2023
# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure
# Vendor Homepage: http://automatic-systems.com
# Software Link: 
# Version: V06
# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a
# CVE : CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FastLine version:V06 a remote attacker to obtain sensitive information via the admin login credentials.

The device contains hardcoded login and password for super admin. The administrator cannot change the password for this account.

Login: automaticsystems
Password: astech