CVE-2023-30350
published 2023-05-29

CVE-2023-30350: FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.

Priority: P2 (67, high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 5.34% (91.6th percentile)

Detection & IOCs (extracted from sources)

  • command: enable
  • command: super
  • command: configure terminal
  • command: username admin nopassword
  • Detect Telnet (port 23) login attempts using the default guest credentials followed by an 'enable' command with the hardcoded password 'super' — this sequence is the exact exploit chain for CVE-2023-30350.
  • Alert on the Telnet command sequence 'username admin nopassword' being issued after privilege escalation — this is the payload that resets the admin password to blank on FS S3900-24T4S devices.
  • Monitor for Telnet sessions on port 23 to FS S3900-24T4S devices where a guest login is immediately followed by an 'enable' privilege escalation attempt — authenticated guest-to-admin escalation is the core of this CVE.
  • The hardcoded enable password 'super' is a static credential baked into the device firmware; it cannot be changed by the operator and is the root cause of the privilege escalation.
  • The exploit requires only guest-level credentials (username: guest / password: guest), meaning any account with guest access is sufficient to trigger the full admin takeover.
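Detection logic for the Telnet command sequence listed above, as an added example that is not part of the CVE record or any vendor code: it groups constructed session events by session and reports how far each session got along the guest login, 'enable', 'super', 'username admin nopassword' chain. The event log format and the 'enable_password' event kind are assumptions made for this example, not a real device log format.

```python
from collections import defaultdict
# Escalation chain from the detection notes, in order: guest login, 'enable',
# the hardcoded enable password, then the admin password reset.
CHAIN = [
    ("login", "guest"),
    ("cmd", "enable"),
    ("enable_password", "super"),
    ("cmd", "username admin nopassword"),
]
LABELS = {  # alert label by how far along CHAIN a session got
    2: "guest login followed by enable attempt",
    3: "guest-to-admin escalation via hardcoded enable password",
    4: "admin password reset to blank after escalation",
}

# Constructed sample Telnet session events (hypothetical format): "<session id> <kind> <value>".
SAMPLE_LOG = """\
s1 login guest
s1 cmd enable
s1 enable_password super
s1 cmd configure terminal
s1 cmd username admin nopassword
s2 login guest
s2 cmd show version
s3 login guest
s3 cmd enable
s3 enable_password wrongguess
"""

def parse_events(log):
    """Group (kind, value) events by session id, preserving their order."""
    sessions = defaultdict(list)
    for line in log.strip().splitlines():
        sid, kind, value = line.split(" ", 2)
        sessions[sid].append((kind, value.strip()))
    return dict(sessions)

def chain_depth(events):
    """Count how many steps of CHAIN occur, in order, within one session (0-4)."""
    idx = 0
    for event in events:
        if idx < len(CHAIN) and event == CHAIN[idx]:
            idx += 1  # unrelated commands between steps are skipped
    return idx

def detect(log):
    """Return {session id: alert label} for every session that reached 'enable'."""
    return {sid: LABELS[d] for sid, ev in parse_events(log).items()
            if (d := chain_depth(ev)) >= 2}
```

Sessions that stop at a guest login (depth 1) are not alerted on; the full chain (depth 4) is the complete admin-reset payload from the notes above.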