Eaton Power Xpert Meter 4000, 6000, and 8000 devices prior to 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote malicious users to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eaton power_xpert_meter_4000_firmware |
||
eaton power_xpert_meter_6000_firmware |
||
eaton power_xpert_meter_8000_firmware |