CVE-2021-37555
Last modified
CVE-2021-37555 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trixie | Tx9 Automatic Food Dispenser Firmware | 3.2.57 |
References
- http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520Third Party Advisory
- http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-296520Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-37555?
How severe is CVE-2021-37555?
How do I fix CVE-2021-37555?
Are you affected by CVE-2021-37555?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST