CVE-2018-12260

Published: Jun 12, 2018Modified: Nov 21, 2024

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices

Affected (1)

Products: Apollotechnologiesinc: Momentum Axel 720p Firmware

Apollotechnologiesinc

1 product

Momentum Axel 720p Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apollotechnologiesinc Momentum Axel 720p Firmware	Version 5.1.8

Running on/with	Platform Versions
Apollotechnologiesinc Momentum Axel 720p	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.