ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote malicious users to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zte ox-330p firmware - |
||
zte zxhn h108n firmware - |
||
zte w300v1.0.0s zrd tr1 d68 firmware - |
||
zte hg110 firmware - |
||
zte gan9.8t101a-b firmware - |
||
zte mf28g firmware - |
Embedded device mayhem as rivals share keys
More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates. The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos. Cisco warns that miscreants who get hold of these certificates, can decrypt web traffic to a router's builtin HTTPS web server via man-in-the-middle attacks. The web server is provided so people c...