Executive Summary

This vulnerability occurs because the web management interface of the device allows the administrator username and password to be set to blank values.

Once these blank credentials are applied, the device permits authentication with empty credentials over both the web management interface and the Telnet service.

This effectively disables authentication across all critical management channels, allowing any network-adjacent attacker to gain full administrative control without needing any credentials.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker who is on the same network or adjacent network to gain full administrative control of the affected device without any authentication.

With full administrative control, the attacker can compromise the device's confidentiality, integrity, and availability.

• Confidentiality: The attacker can access sensitive information stored or transmitted by the device.
• Integrity: The attacker can modify configurations or data, potentially causing malicious behavior.
• Availability: The attacker can disrupt device operations, causing denial of service.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

I don't know

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, ensure that the administrator username and password are not set to blank values on the device's web management interface.

Set strong, non-empty credentials to prevent unauthorized access over both the web management interface and Telnet service.

Restrict network access to the management interfaces to trusted hosts only, if possible.

Useful 0 Not Useful 0