Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2015-7276

Published: 06/11/2019 Updated: 08/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to C2000t Firmware

Vulnerability Summary

CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEsResearch by Stefan Viehbཬk of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked firmware images are found to contain hard-coded keys or certificates whose fingerprints can be matched to data from the Internet-wide scan data repository, scans.io (specifically, see SSH results and SSL certificates). Affected devices range broadly from home routers and IP cameras to VOIP phones.For the majority of vulnerable devices, reuse of certificates and keys are limited to the product lines of individual vendors. There are some instances where identical certificates and keys are used by multiple vendors. In these cases, the root cause may be due to firmware that is developed from common SDKs, or OEM devices using ISP-provided firmware.Vulnerable devices may be subject to impersonation, man-in-the-middle, or passive decryption attacks. It may be possible for an malicious user to obtain credentials or other sensitive information that may be used in further attacks. For additional details about the research and affected products by certificates and SSH host keys, refer to the original SEC Consult blog post on the topic, as well as the nine-month follow-up blog.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

technicolor c2000t_firmware -

technicolor c2100t_firmware -

Recent Articles

HTTPSohopeless: 26,000 Telstra Cisco boxen open to device hijacking
The Register • Darren Pauli • 27 Nov 2015

Embedded device mayhem as rivals share keys

More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates. The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos. Cisco warns that miscreants who get hold of these certificates, can decrypt web traffic to a router's builtin HTTPS web server via man-in-the-middle attacks. The web server is provided so people c...

Read more...

References

CWE-798https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/http://www.kb.cert.org/vuls/id/566724https://nvd.nist.govhttps://www.theregister.co.uk/2015/11/27/nine_percent_of_encrypted_traffic_open_to_hijack_from_shared_keys/https://www.kb.cert.org/vuls/id/566724
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook