CVE-2015-8282
published 2017-04-13

CVE-2015-8282: SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.

Priority P266 · critical · 9.8 · CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.58% (93.0th percentile)

Affected

1 range

Vendor | Product | Version range | Fixed in
seawell_networks | spectrum_sdc | |

Detection & IOCs (extracted from sources)

url: https://IP/configure_manage.php?action=download_config&file=../../../../../../../../../etc/passwd
url: https://IP/system_manage.php?username=viewer1&password=viewer&password=viewer&userlevel=9&action=add_user&ekey=&LActiveRow=
url: https://IP/system_manage.php?username=viewer1&password=&password=&userlevel=9&action=delete_user&ekey=4&LActiveRow=sys_Luser_4
url: https://IP/system_manage.php?username=admin&password=admin1&password=admin1&userlevel=9&action=update_user&ekey=3&LActiveRow=sys_Luser_3
url: https://IP/configure_manage.php?action=download_config&file=policy.xml
url: https://IP/configure_manage.php?action=download_config&file=cookie_config.xml
url: https://IP/configure_manage.php?action=download_config&file=systemCfg.xml
path: /configure_manage.php
path: /system_manage.php
filename: policy.xml
filename: cookie_config.xml
filename: systemCfg.xml

  • Detect path traversal attempts against configure_manage.php by monitoring HTTP requests containing 'file=../' sequences in the query string targeting this endpoint.
  • Alert on unauthenticated or low-privileged (viewer) requests to system_manage.php with action=add_user, action=delete_user, or action=update_user, especially with userlevel=9 (admin privilege escalation).
  • Monitor HTTP GET requests to configure_manage.php with action=download_config and file parameter set to sensitive config filenames (policy.xml, cookie_config.xml, systemCfg.xml) from non-admin sessions.
  • Flag successful logins using the default credential pair admin/admin on the Spectrum SDC management interface.
  • Detect the response string '0Success1' in HTTP responses from system_manage.php, which indicates successful unauthorized administrative actions (user add/delete/modify) by a low-privileged user.
  • The default admin credentials (admin/admin) are hardcoded in Spectrum SDC 02.05.00 and must be changed immediately upon deployment; the CVE specifically covers this default password condition.
  • The userlevel parameter in system_manage.php is not server-side enforced: userlevel=9 grants admin privileges and userlevel=1 grants viewer privileges, and any authenticated user can supply either value.
  • The configure_manage.php file parameter performs no path restriction, allowing traversal to arbitrary filesystem paths including /etc/passwd; no sanitization is applied server-side.
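
The request-based detections above, as an added example that is not part of the original entry or any vendor tooling: a Python classifier that percent-decodes query parameters before matching, so encoded traversal sequences are also caught. It assumes a combined-format web access log in front of the management interface; the log lines are constructed, and session role has to be correlated separately because access logs do not carry it.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SENSITIVE_FILES = {"policy.xml", "cookie_config.xml", "systemCfg.xml"}
USER_ACTIONS = {"add_user", "delete_user", "update_user"}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Percent-decode several times so double-encoded '../' is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(log_line):
    """Return the list of findings for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    endpoint = url.path.rsplit("/", 1)[-1]
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    action = params.get("action", [""])[0]
    findings = []
    if endpoint == "configure_manage.php" and action == "download_config":
        for raw in params.get("file", []):
            name = fully_unquote(raw).replace("\\", "/")
            if "../" in name or name.startswith("/"):
                findings.append("path-traversal")
            elif name in SENSITIVE_FILES:
                findings.append("config-download")
    if endpoint == "system_manage.php" and action in USER_ACTIONS:
        findings.append("user-management:" + action)
        if "9" in params.get("userlevel", []):
            findings.append("userlevel-9")
    return findings

# Constructed sample log lines (documentation addresses, not from the page).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /configure_manage.php?action=download_config&file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /configure_manage.php?action=download_config&file=policy.xml HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /system_manage.php?username=viewer1&userlevel=9&action=add_user&ekey=&LActiveRow= HTTP/1.1" 200 9',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 512',
]

def scan(lines):
    """Return (line_number, findings) for every line that matched a rule."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]
```

Findings tagged user-management or config-download still need to be joined with session data to separate admin activity from requests by viewer-level accounts.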

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P