CVE-2012-3951
Published 2012-07-31
Priority: P2 · 70 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 52.93% (98.8th percentile)
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | scrutinizer | <= 9.0.1.19899 | — |
Detection & IOCs
- MySQL service bound to 0.0.0.0 on port 3306: detect remote MySQL login attempts using the default credentials 'scrutinizer' or 'scrutremote' with password 'admin' from external/untrusted hosts.
- Detect MySQL DUMPFILE queries writing files into the web root (../../html/), which are indicative of the exploit's payload-drop stage.
- The vulnerability is a hardcoded default credential issue: the accounts 'scrutinizer' and 'scrutremote' both have the password 'admin' by default, and the issue cannot be detected by vulnerability scanners alone without credential validation.
- MySQL is bound to all interfaces (0.0.0.0) by default in affected Scrutinizer installations, making the service reachable from any network without additional exploitation of firewall rules.
- Exploitation results in code execution under the SYSTEM context, meaning successful exploitation grants full host compromise, not just database access.
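One way to apply the first two detections to a MySQL general query log, as an added example that is not part of the original page or of any vendor tooling. It assumes the general query log is enabled; the sample lines, hosts and database name are constructed, and because that log does not record passwords, the login rule keys on the default account names connecting from a non-loopback host.

```python
import ipaddress
import re

DEFAULT_ACCOUNTS = {"scrutinizer", "scrutremote"}  # accounts named in the advisory
ENTRY = re.compile(r"(\d+) (Connect|Query)\t(.*)")  # "<thread id> <command>\t<argument>"
DUMPFILE = re.compile(r"INTO\s+DUMPFILE\s+'([^']*)'", re.IGNORECASE)

# Constructed sample in MySQL general-query-log layout; hosts and database name are made up.
SAMPLE_LOG = (
    "120808 10:15:01\t   11 Connect\tscrutinizer@localhost on example_db\n"
    "\t\t   11 Query\tSELECT 1\n"
    "120808 10:17:42\t   12 Connect\tscrutremote@203.0.113.7 on example_db\n"
    "\t\t   12 Query\tSELECT 'constructed' INTO DUMPFILE '../../html/constructed.txt'\n"
    "120808 10:20:09\t   13 Connect\treporting@198.51.100.4 on example_db\n"
    "\t\t   13 Query\tSELECT 1\n"
)


def is_local(host):
    """Assumption: only localhost/loopback counts as trusted; extend for your network."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify is treated as remote


def scan(log_text):
    """Return (thread_id, rule, detail) findings for the two behaviours listed above."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        thread, command, arg = int(m.group(1)), m.group(2), m.group(3)
        if command == "Connect":
            user, _, rest = arg.partition("@")
            host = rest.split(" ", 1)[0]
            if user in DEFAULT_ACCOUNTS and not is_local(host):
                findings.append((thread, "default-account-remote-login", f"{user}@{host}"))
        else:
            hit = DUMPFILE.search(arg)
            if hit and "/html/" in hit.group(1).replace("\\", "/"):
                findings.append((thread, "dumpfile-into-web-root", hit.group(1)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Both findings share a thread id in the sample, which is the correlation to alert on: a default-account session from a remote host that then writes under the web root.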
GHSA
GHSA-99qq-2xp2-g5wf · ghsa_unreviewed · 2022-05-14 · CVE-2012-3951 [HIGH] CWE-89
SonicWall
vendor_sonicwall · 2012-07-31 · CVSS 7.5 · CVE-2012-3951 [HIGH] CWE-89
No detection rules found.
Exploit-DB
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 - Default MySQL Credential (Metasploit)
exploitdb·2012-08-08
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential",
'Description' => %q{
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer.
By default, the software installs a default password in MySQL, and binds the
service to "0.0.0.0". This allows any remote user to login to MySQL, and then
gain arbitrary remote code execution under the context of 'SYSTEM'. Examples
of
Metasploit
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
metasploit
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
No writeups or analysis indexed.
Published: 2012-07-31