{"vuid":"VU#970379","idnumber":"970379","name":"Green Packet DX-350 contains insecure default credentials","keywords":["default credentials"],"overview":"Green Packet DX-350 uses default credentials","clean_desc":"CWE-255: Credentials Management - CVE-2016-6552 Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.","impact":"A remote attacker can take complete control of a device using default admin credentials.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Restrict access and use strong passwords As a general good security practice, only allow trusted hosts to connect to the device. Use of strong, unique passwords can help reduce the efficacy of brute force password guessing attacks.","sysaffected":"","thanks":"Thanks to Ory Segal and Ezra Caltum  for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["http://cwe.mitre.org/data/definitions/255.html","https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf"],"cveids":["CVE-2016-6552"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-10-11T21:29:53Z","publicdate":"2016-10-20T00:00:00Z","datefirstpublished":"2016-10-20T18:15:15Z","dateupdated":"2016-10-20T18:15:15Z","revision":15,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.9","cvss_basevector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6.2","cvss_environmentalscore":"4.662225483552","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}