CAREL pCOWeb Default Account Security Bypass Vulnerability

Summary
The remote pCOWeb is prone to a default account authentication bypass vulnerability. This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration. It was possible to login as user 'http' with no password. Solution (workaround): Login with telnet and set a password or change the shell from '/bin/bash' to '/bin/nologin'.
References