Multiple Westermo Routers Multiple Security Vulnerabilities



Multiple Westermo Routers are prone to the following security vulnerabilities:

1. A hard-coded credentials vulnerability
2. A cross-site request forgery vulnerability
3. A hard-coded cryptographic key vulnerability

Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic.

Information

Bugtraq ID: 100470
Class: Input Validation Error
CVE: CVE-2017-5816
CVE-2017-12709
CVE-2017-12703
CVE-2016-5816

Remote: Yes
Local: Yes
Published: Aug 24 2017 12:00AM
Updated: Apr 15 2019 06:00PM
Credit: Mandar Jadhav from Qualys Security
Vulnerable: Westermo MRD-455 1.7.5.0
Westermo MRD-355 1.7.5.0
Westermo MRD-315 1.7.5.0
Westermo MRD-305-DIN 1.7.5.0


Not Vulnerable: Westermo MRD-455 1.7.7.0
Westermo MRD-355 1.7.7.0
Westermo MRD-315 1.7.7.0
Westermo MRD-305-DIN 1.7.7.0


Exploit


Attackers can use readily available tools to exploit these issues.


Related Posts