OpenWrt Router with a Blank Password (telnet check)

critical Nessus Plugin ID 40354

Synopsis

The remote router does not have a password set.

Description

The remote host is running OpenWrt, an open source Linux distribution for embedded devices, especially routers.

The device is currently configured without a password, which is the default state. Anyone can connect to it via Telnet and gain administrative access.

Solution

Set a password for the device.

See Also

http://oldwiki.openwrt.org/OpenWrtDocs%282f%29Using.html

Plugin Details

Severity: Critical

ID: 40354

File Name: openwrt_blank_telnet_password.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 7/23/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508