Full Report
An unauthenticated attacker can log in with default credentials for privileged users.
Analysis Summary
# Vulnerability: Eltex ESR-200 Default Privileged Credentials
## CVE Details
- **CVE ID:** CVE-2018-15360
- **CVSS Score:** 8.3 (High) *[Note: The source text lists 0.0, but the provided vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L calculates to 8.3]*
- **CWE:** CWE-255 (Commonly used for Default Passwords)
## Affected Systems
- **Products:** Eltex ESR-200 Router
- **Versions:** Firmware version 1.2.0
- **Configurations:** Systems running with factory default settings.
## Vulnerability Description
The Eltex ESR-200 router (firmware 1.2.0) contains a flaw where privileged user accounts are configured with default credentials. An unauthenticated remote attacker can use these known credentials to log into the device's management interface. Because the vulnerable accounts have privileged access, the attacker can gain full control over the router's configuration and network traffic.
## Exploitation
- **Status:** Unknown (No public PoC or active exploitation reported in the provided text)
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** Low (Access to device configuration and status)
- **Integrity:** Low (Ability to modify routing tables and device settings)
- **Availability:** Low (Potential to disrupt network services)
- *Note: The CVSS vector provided (S:C) indicates the impact can extend beyond the router itself to the wider network it manages.*
## Remediation
### Patches
- **Update Firmware:** The vendor has released firmware version **1.3.0** which addresses this vulnerability.
### Workarounds
- **Change Default Credentials:** Immediately change the passwords for all built-in accounts (e.g., admin, root) to strong, unique passwords.
- **Restrict Access:** Implement Access Control Lists (ACLs) to limit access to the management interface (SSH, Telnet, Web) to trusted IP addresses only.
## Detection
- **Indicators of Compromise:** Unusual log entries showing successful logins from unexpected IP addresses using administrative accounts.
- **Detection methods and tools:** Audit configuration files for the presence of default password hashes. Use network vulnerability scanners to check for the use of common default credentials on management ports.
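
The login indicator described above can be checked against collected syslog data. The following is an added example, not part of the advisory or vendor tooling. It assumes OpenSSH-style "Accepted ... for USER from IP" log lines, uses the account names the Workarounds section gives as examples, and uses constructed management networks and sample log lines.

```python
import ipaddress
import re

# Assumption: management logins reach a syslog collector in an OpenSSH-style
# form. Adjust the pattern to the log format the device actually emits.
LOGIN_RE = re.compile(
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)"
)
# Built-in account names taken from the advisory's own examples.
PRIVILEGED = {"admin", "root"}
# Constructed management networks; keep these identical to the management ACL.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.0.2.16/28")]


def suspicious_logins(lines):
    """Return (lineno, user, ip) for privileged logins from outside TRUSTED."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOGIN_RE.search(line)
        if not m or m.group("user") not in PRIVILEGED:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
            if any(addr in net for net in TRUSTED):
                continue
        except ValueError:
            pass  # unparsable source address: report it rather than skip it
        hits.append((lineno, m.group("user"), m.group("ip")))
    return hits


# Constructed sample log lines (not captured from a real device).
SAMPLE = """\
Aug 17 09:12:01 esr-200 sshd[411]: Accepted password for admin from 10.10.0.5 port 51514 ssh2
Aug 17 09:40:33 esr-200 sshd[432]: Failed password for admin from 203.0.113.77 port 40222 ssh2
Aug 17 09:40:41 esr-200 sshd[432]: Accepted password for admin from 203.0.113.77 port 40222 ssh2
Aug 17 10:02:10 esr-200 sshd[450]: Accepted password for operator from 198.51.100.9 port 39000 ssh2
Aug 17 11:15:57 esr-200 sshd[467]: Accepted password for root from 192.0.2.40 port 50111 ssh2
""".splitlines()

if __name__ == "__main__":
    for lineno, user, ip in suspicious_logins(SAMPLE):
        print(f"line {lineno}: privileged login as {user} from untrusted {ip}")
```

A hit on a device that should only be reachable through the ACL also indicates the ACL itself is missing or misconfigured.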
## References
- **Vendor Advisory:** hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/
- **NVD Detail:** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2018-15360