CVE-2024-31970 Information

Description

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default accessible both over the LAN and the Internet. During a window of time when the device is being set up it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands.

Reference

https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5 https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970