CVE-2018-12072
UnknownEPSS 1.54%
Last modified
CVE-2018-12072 is a vulnerability of currently unknown severity. An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudmedia | Popcorn A-200 Firmware | 03-05-130708-21-pop-411-000_ |
References
- https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2defThird Party Advisory
- https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2defThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12072?
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
How severe is CVE-2018-12072?
Severity scoring for CVE-2018-12072 is pending analysis. The EPSS model estimates a 1.54% probability of exploitation in the next 30 days.
How do I fix CVE-2018-12072?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2018-12072?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST