4.3
CVSSv2

CVE-2015-7276

Published: 06/11/2019 Updated: 08/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEsResearch by Stefan Viehbཬk of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked firmware images are found to contain hard-coded keys or certificates whose fingerprints can be matched to data from the Internet-wide scan data repository, scans.io (specifically, see SSH results and SSL certificates). Affected devices range broadly from home routers and IP cameras to VOIP phones.For the majority of vulnerable devices, reuse of certificates and keys are limited to the product lines of individual vendors. There are some instances where identical certificates and keys are used by multiple vendors. In these cases, the root cause may be due to firmware that is developed from common SDKs, or OEM devices using ISP-provided firmware.Vulnerable devices may be subject to impersonation, man-in-the-middle, or passive decryption attacks. It may be possible for an malicious user to obtain credentials or other sensitive information that may be used in further attacks. For additional details about the research and affected products by certificates and SSH host keys, refer to the original SEC Consult blog post on the topic, as well as the nine-month follow-up blog.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

technicolor c2000t_firmware -

technicolor c2100t_firmware -

Recent Articles

HTTPSohopeless: 26,000 Telstra Cisco boxen open to device hijacking
The Register • Darren Pauli • 27 Nov 2015

Embedded device mayhem as rivals share keys

More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates.
The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos.
Cisco warns that miscreants who get hold of these certificates, can decrypt web traffic to a router's builtin HTTPS web server via man-in-the-middle attacks. The web server is provided...

HTTPSohopeless: 26,000 Telstra Cisco boxen open to device hijacking
The Register • Darren Pauli • 27 Nov 2015

Embedded device mayhem as rivals share keys

More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates.
The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos.
Cisco warns that miscreants who get hold of these certificates, can decrypt web traffic to a router's builtin HTTPS web server via man-in-the-middle attacks. The web server is provided...