CVE-2021-47744
Hard-Coded Credentials in Cypress CTM Devices Allow Root Access
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| busybox | busybox | 1.24.1 |
| lighttpd | lighttpd | 1.4.39 |
| cypress_solutions | ctm-one | * |
| busybox | busybox | 1.15.3 |
| cypress_solutions | ctm-200 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthorized remote root access to devices used in industrial and operational environments, it could potentially lead to unauthorized access to sensitive data or disruption of critical systems, which may affect compliance with data protection and security regulations. No direct statements or analyses regarding compliance impact are available in the provided resources. [1, 3, 4]
Can you explain this vulnerability to me?
CVE-2021-47744 is a vulnerability in Cypress Solutions CTM-200 and CTM-ONE industrial cellular wireless gateways. These devices contain hard-coded credentials, specifically the static password 'Chameleon', embedded in their Linux distribution. This flaw allows attackers to remotely gain root access via Telnet or SSH without needing any credentials beyond this known password, enabling them to execute arbitrary commands with full administrative privileges on the affected devices. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows unauthorized remote attackers to gain root-level access to affected devices. With this access, attackers can execute arbitrary commands, potentially compromising sensitive resources, disrupting operations, and causing denial of service. Since these devices are used in industrial applications such as mobile fleet tracking and SCADA communications, exploitation could lead to significant operational disruptions and security breaches. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the hard-coded credentials, specifically the username 'root' or 'admin' with the password 'Chameleon', on affected Cypress Solutions CTM-200 and CTM-ONE devices. You can attempt to connect via SSH or Telnet using these credentials to verify whether the device is vulnerable. Additionally, inspecting system files such as /var/config/passwd and /etc/shadow for fixed password hashes corresponding to 'Chameleon' can help identify the issue. A proof-of-concept Python 3 exploit script (cypress_ssh.py) using the Paramiko SSH library is available to test remote access with these credentials. [1, 3]
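One way to run the file-inspection check offline across a fleet, as an added example that is not from the advisory or its references: compare the password fields of `/var/config/passwd` or `/etc/shadow` copies pulled from several gateways and report any `root` or `admin` hash that is identical on more than one unit. The device names, function names and hash strings are constructed placeholders, and the check assumes a fixed credential appears as the same stored hash string on every unit.

```python
from collections import defaultdict

# Password-field values that carry no usable hash ("x" = stored in shadow).
NO_HASH = {"", "x", "*"}


def parse_entries(text):
    """Return {user: password_field} for passwd/shadow-style lines holding a real hash."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a passwd/shadow record
        user, pw = fields[0], fields[1]
        if pw in NO_HASH or pw.startswith("!"):
            continue  # locked account or no hash in this file
        entries[user] = pw
    return entries


def find_fixed_hashes(dumps, accounts=("root", "admin")):
    """dumps: {device_id: file text}. Return (user, hash, devices) shared by 2+ devices."""
    seen = defaultdict(set)
    for device, text in dumps.items():
        for user, pw in parse_entries(text).items():
            if user in accounts:
                seen[(user, pw)].add(device)
    return sorted(
        (user, pw, sorted(devs)) for (user, pw), devs in seen.items() if len(devs) > 1
    )


# Constructed sample data: placeholder hashes, not values taken from real devices.
SAMPLE_DUMPS = {
    "gw-01": "root:$1$CONSTRCT$placeholderhashAAAAAAAAAA:0:0:root:/root:/bin/sh\n"
             "admin:$1$CONSTRCT$placeholderhashAAAAAAAAAA:0:0:admin:/root:/bin/sh\n",
    "gw-02": "root:$1$CONSTRCT$placeholderhashAAAAAAAAAA:0:0:root:/root:/bin/sh\n"
             "admin:$1$OTHERSLT$placeholderhashBBBBBBBBBB:0:0:admin:/root:/bin/sh\n",
    "gw-03": "root:!:0:0:root:/root:/bin/sh\n"
             "nobody:*:65534:65534:nobody:/:/bin/false\n",
}

if __name__ == "__main__":
    for user, pw, devices in find_fixed_hashes(SAMPLE_DUMPS):
        print(f"{user}: identical hash on {', '.join(devices)} -> {pw}")
```

A match shows that units share a stored credential; it does not by itself show which password the hash corresponds to.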
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling Telnet and SSH services if not required, changing the hard-coded 'Chameleon' password if possible, or moving affected devices to updated firmware versions that do not contain hard-coded credentials. If firmware updates are not available, isolating the devices from untrusted networks and restricting access to trusted administrators can reduce risk. Monitoring network traffic for unauthorized SSH or Telnet login attempts using the known credentials is also recommended. [1, 3, 4]