{"vuid":"VU#326395","idnumber":"326395","name":"Nuuo NT-4040 firmware contains insecure default credentials","keywords":["default credentials"],"overview":"Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials","clean_desc":"CWE-255: Credentials Management - CVE-2016-6553 Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111 . A remote network attacker can gain privileged access to a vulnerable device.","impact":"A remote attacker can take complete control of a device using default admin credentials.","resolution":"Apply an update\nNuuo has released an update to address the issue. Please see the vendor information.","workarounds":"Restrict access and use strong passwords\nAs a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.","sysaffected":"","thanks":"Thanks to Ory Segal and Ezra Caltum for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["http://cwe.mitre.org/data/definitions/255.html","https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf"],"cveids":["CVE-2016-6553"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-10-11T21:45:27Z","publicdate":"2016-10-20T00:00:00Z","datefirstpublished":"2016-10-20T18:14:35Z","dateupdated":"2016-12-13T16:20:48Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.9","cvss_basevector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"4.662225483552","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}