CVE-2021-37555

{"id": "CVE-2021-37555", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-07-26T21:15:17.047", "references": [{"url": "http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc)."}, {"lang": "es", "value": "Los dispositivos TX9 Automatic Food Dispenser v3.2.57, permiten acceso a un shell como root/superusuario, un problema relacionado con CVE-2019-16734. Para conectarse, el servicio telnet es usado en el puerto 23 con la contrase\u00f1a predeterminada 059AnkJ para la cuenta root. El usuario puede entonces descargar el sistema de archivos mediante las utilidades preinstaladas de BusyBox (por ejemplo, tar y nc)"}], "lastModified": "2024-11-21T06:15:24.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trixie:tx9_automatic_food_dispenser_firmware:3.2.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428AD7CC-4929-4B2E-92A7-D88467A6C803"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trixie:tx9_automatic_food_dispenser:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3FBB0F0-0B4D-4B21-B1CF-59C8C6FD6D06"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}