Synopsis
The remote network device does not use an administrative password.
Description
The Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device.
Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.
Solution
Telnet to this device and change the password for the root account via the passwd command. Please ensure any other accounts have strong passwords set.
Plugin Details
File Name: DDI_LanRover_Blank_Password.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Ease: Exploits are available
Exploitable With
Metasploit (SNMP Community Scanner)