** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Link | Resource |
---|---|
https://www.sec-research.com/1604584604-hard-coded-credentials-in-netzwerk-videorekorder-planet-nvr-915.html | Exploit Third Party Advisory |
Information
Published : 2020-11-18 10:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-26097
Mitre link : CVE-2020-26097
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
planet
- nvr-1615_firmware
- nvr-915
- nvr-1615
- nvr-915_firmware