CVE-2018-12072 - An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is con

CVE-2018-12072

Summary

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.

References

https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def

Vulnerable Configurations

cpe:2.3:o:cloudmedia:popcorn_a-200_firmware:03-05-130708-21-pop-411-000_:*:*:*:*:*:*:*
cpe:2.3:o:cloudmedia:popcorn_a-200_firmware:03-05-130708-21-pop-411-000_:*:*:*:*:*:*:*
cpe:2.3:h:cloudmedia:popcorn_a-200:*:*:*:*:*:*:*:*
cpe:2.3:h:cloudmedia:popcorn_a-200:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def

Last major update

03-10-2019 - 00:03

Published

17-06-2018 - 20:29

Last modified

03-10-2019 - 00:03