Adtran Sdg Smartos vulnerabilities
3 known vulnerabilities affecting adtran/sdg_smartos.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2024-31977P2HIGHCVSS 8.8fixed in 12.5.5.12024-07-24
CVE-2024-31977 [HIGH] CWE-78 CVE-2024-31977: Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Com
Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility.
nvd
CVE-2024-31970P2HIGHCVSS 8.8fixed in 12.1.3.12024-07-24
CVE-2024-31970 [HIGH] CWE-863 CVE-2024-31970: AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SS
AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this win
nvd
CVE-2024-39345P3HIGHCVSS 7.2fixed in 12.1.3.12024-07-24
CVE-2024-39345 [HIGH] CWE-78 CVE-2024-39345: AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a h
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive
nvd