vendor:
NetMan 204
by:
Saeed reza Zamanian
7,5
CVSS
HIGH
Backdoor Account
798
CWE
Product Name: NetMan 204
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016
NetMan 204 – Backdoor Account
The UPS Module has 3 default accounts, (admin,fwupgrade,user) , fwupgrade has a shell access to the device BUT if you try to get access to the shell a shell script closes your conection. To stop the shell script and avoid to terminate your connection you should , set your SSH client to execute "/bin/bash" after you logon the SSH. As a result your shell type will be changed to "/bin/bash" as you see below there is an account called "eurek" and ofcourse it's password also is "eurek". Since that "eurek" is a sudoer user you will get full access to the device.
Mitigation:
Disable the default accounts and use strong passwords for all accounts.
