Detections
Analytics
Microhard 3G/4G Cellular Ethernet and Serial Gateway Use of Default Credentials (ZSL-2018-5480)
high Tenable OT Security Plugin ID 503148
Synopsis
The remote OT asset is affected by a vulnerability.Description
The devices utilizes hard-coded credentials within its Linux distribution image.These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway.
Another vulnerability could allow an authenticated attacker to gain root access. The vulnerability is due to default credentials. An attacker could exploit this vulnerability by logging in using the default credentials.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vuln advisory.See Also
https://www.exploit-db.com/exploits/45040
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php
Plugin Details
Severity: High
ID: 503148
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 3/24/2025
Updated: 3/24/2025
Supported Sensors: Tenable OT Security
Risk Information
CVSS Score Rationale: Tenable score for unsupported products.
CVSS v3
Risk Factor: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:microhardcorp:bullet-lte_firmware, cpe:/o:microhardcorp:bullet-3g_firmware, cpe:/o:microhardcorp:ipn4ii_firmware, cpe:/o:microhardcorp:vip4gb_firmware, cpe:/o:microhardcorp:ipn3gii_firmware, cpe:/o:microhardcorp:bulletplus_firmware, cpe:/o:microhardcorp:vip4g-wifi-n_firmware, cpe:/o:microhardcorp:ipn3gb_firmware, cpe:/o:microhardcorp:dragon-lte_firmware, cpe:/o:microhardcorp:ipn4g_firmware, cpe:/o:microhardcorp:vip4g_firmware, cpe:/o:microhardcorp:ipn4gb_firmware
Required KB Items: Tenable.ot/Microhard
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 7/17/2018
Reference Information
CWE: 1392