How severe is CVE-2017-9137?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2017-9137?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2017-9137 - HIGH Severity | CVSS 7.3

Vulnerability Description

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability."

Related Vulnerabilities

CVE-2017-5155

HIGH

CVSS:7.3(High)

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compro...

CWE-11882017

CVE-2019-2041

HIGH

CVSS:7.3(High)

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege...

CWE-11882019

CVE-2019-2043

HIGH

CVSS:7.3(High)

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a l...

CWE-11882019

CVE-2020-0271

HIGH

CVSS:7.3(High)

In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitat...

CWE-11882020

CVE-2010-2247

HIGH

CVSS:7.5(High)

makepasswd 1.10 default settings generate insecure passwords

CWE-11882010

CVE-2017-6750

HIGH

CVSS:7.5(High)

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated...

CWE-11882017