DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.html | Third Party Advisory VDB Entry |
https://blog.burghardt.pl/2019/03/syslog_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-uses-a-hard-coded-key-for-logs-encryption/ | Exploit Third Party Advisory |
https://seclists.org/bugtraq/2019/Mar/41 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-11T18:08:07
Updated: 2019-04-11T18:10:41
Reserved: 2019-03-24T00:00:00
Link: CVE-2019-9975
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-11T19:29:01.567
Modified: 2019-04-12T11:50:40.567
Link: CVE-2019-9975
JSON object: View
Redhat Information
No data.
CWE