{"vuid":"VU#200907","idnumber":"200907","name":"Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials","keywords":["default credentials"],"overview":"Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials.","clean_desc":"CWE-255: Credentials Management - CVE-2016-6551 Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of:  ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.","impact":"A remote attacker can take control of a device using default credentials.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Restrict access and use strong passwords As a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.","sysaffected":"","thanks":"Thanks to Ory Segal and Ezra Caltum  for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["http://cwe.mitre.org/data/definitions/255.html","https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf"],"cveids":["CVE-2016-6551"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-10-11T21:12:15Z","publicdate":"2016-10-20T00:00:00Z","datefirstpublished":"2016-10-20T18:14:44Z","dateupdated":"2016-10-20T18:14:44Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.4","cvss_basevector":"AV:L/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"4","cvss_environmentalscore":"2.96338049335716","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}