CVE-2016-4521
published 2016-05-31CVE-2016-4521: Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via…
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.46%
82.5th percentile
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sixnet | bt-5_series_cellular_router_firmware | <= 3.8.20 | — |
| sixnet | bt-5_series_cellular_router_firmware | <= 3.9.7 | — |
| sixnet | bt-6_series_cellular_router_firmware | <= 3.8.20 | — |
| sixnet | bt-6_series_cellular_router_firmware | <= 3.9.7 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target devices are Sixnet BT-5xxx and BT-6xxx series M2M cellular routers; detect exploitation attempts by monitoring for successful authentication to these devices using factory/default credentials from unexpected or external source IPs. ↗
- →Public exploits exist for this vulnerability; monitor network traffic to Sixnet BT-series routers for remote authentication attempts, especially from internet-facing sources, as exploitation requires no authentication and low skill. ↗
- →Flag any remote access to Sixnet BT-5xxx/BT-6xxx devices running firmware versions prior to 3.8.21 or prior to 3.9.8, as these are the vulnerable version ranges. ↗
- ·The specific hard-coded credential values (usernames/passwords) are not publicly disclosed in the advisory; the advisory only confirms their existence as factory accounts. Defenders should consult Sixnet/Red Lion directly for the credential details to use in detection rules. ↗
- ·The attack vector and protocol used to exploit the hard-coded credentials are unspecified ('via unspecified vectors'), limiting the ability to write precise network-layer detection signatures. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r562-xjg8-354h: Sixnet BT-5xxx and BT-6xxx M2M devices before 3
ghsa_unreviewed·2022-05-17
CVE-2016-4521 [CRITICAL] CWE-200 GHSA-r562-xjg8-354h: Sixnet BT-5xxx and BT-6xxx M2M devices before 3
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
CISA ICS
Sixnet BT Series Hard-coded Credentials Vulnerability
cisa_ics·2018-08-23
Sixnet BT Series Hard-coded Credentials Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Sixnet BT Series Hard-coded Credentials Vulnerability
Last RevisedAugust 23, 2018
Alert CodeICSA-16-147-02
## OVERVIEW
Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet’s BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability.
This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.
## AFFECTED PRODUCTS
Sixnet reports that the vulnerability affects the following products:
- Sixnet BT-5xxx and BT-6xxx series M2M cellular rou
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-05-31
Published