Shiva LanRover Blank Password Network Vulnerability

Summary

The Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device. Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.

Solution

Telnet to this device and change the password for the root account via the passwd command. Please ensure any other accounts have strong passwords set.

Severity

Classification

CVE CVE-1999-0508

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Win)
Intel Desktop Boards SMM Local Privilege Escalation Vulnerability (Linux)
3Com Superstack 3 switch with default password
Ziproxy Security Bypass Vulnerability
Dovecot ACL Plugin Security Bypass Vulnerabilities

Take action and discover your vulnerabilities