Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.
The vulnerability consists of the manufacturer using weak default passwords in the device firmware (CWE-1393). An attacker can attempt to log into the device using known or easily guessable default credentials that are common across all units of the given model. The attack requires no authentication, user interaction, or special privileges, and can be conducted remotely over the network.
A successful attack could allow an attacker to gain full control of the device, risking disclosure of confidential configuration data, modification of network settings, and disruption of services provided by the ISP operator.
Default passwords must be immediately changed to strong, unique credentials on all Adtran 411 ONT devices. Patches available from the manufacturer should be applied according to references, and network access to device management interfaces should be considered for restriction.
Adtran 411 ONT with firmware version L80.00.0011.M2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdtran 411
HWAdtranwszystkie wersjeAdtran 411 Firmware
OSAdtranl80.00.0011.m2
Related vulnerabilities
Privilege escalation w Adtran 411 ONT — krytyczna podatność LPE
Command injection w usłudze telnet urządzeń Adtran 411 ONT — eskalacja do root
Nieprawidłowa kontrola dostępu w Adtran 411 ONT — nieautoryzowana zmiana hasła administratora
Command injection w interfejsie webowym Adtran 411 ONT — eskalacja do root
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping hos...