Platnet Technology WGSD-1020 and WSW-2401 switches default administrative account
| planettechnology-default-admin-account (13446) |  Medium Risk |
Description:
Planet Technology's WGSD-1020 and WSW-2401 managed Ethernet switches are shipped with a default administrative account login name and password. A remote attacker with knowledge of this account could connect to an affected device to gain unauthorized administrative access to the system.
Platforms Affected:
- PLANET Technology, WGSD-1020 3.08
- PLANET Technology, WSW-2401 3.08
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- SecuriTeam Mailing List, SecurityNews 16 Nov 2003, Planet Network Switch Default Administrative User at http://www.securiteam.com/securitynews/6T00B1P8VK.html.
- SECURITY.NNOV Web site, Planet WGSD-1020 at http://www.security.nnov.ru/search/document.asp?docid=5233.
- BID-8837: Planet Network Switch Undocumented Administrative User Unauthorized Access Vulnerability
- CVE-2003-1507: Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default superuser account with the planet password, which allows remote attackers to gain administrative access.
- SECTRACK ID: 1007924: PLANET Switch Default Account Lets Remote Users Gain Administrative Access
Reported:
Oct 14, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net