This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Default credentials on Web UI! π¨ π₯ **Consequences**: Unauthorized access to the admin panel. Attackers can take full control of the Wireless Multiplex Terminal.β¦
π‘οΈ **Root Cause**: **Trust Management Issue** (CWE not specified in data). π **Flaw**: The device ships with a hardcoded default account. Password is static: `pokon`. No complexity or randomization enforced.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: Mobile Viewpoint Wireless Multiplex Terminal. π **Versions**: Playout Server **<= 20.2.8**. (Based on PoC description). Vendor: Mobile Viewpoint (Netherlands).
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Full **Administrative Access** via Web Interface. π **Data**: Complete control over device configuration. Potential to disrupt broadband bundling and video streaming services.β¦
π **Threshold**: **LOW**. π **Auth**: Requires **NO** password change. Default `pokon` works out-of-the-box. βοΈ **Config**: Needs only network access to the Web Admin Interface. No complex exploitation steps.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exp?**: **YES**. π **PoC**: Available via **ProjectDiscovery Nuclei Templates** (CVE-2020-35338.yaml). Automated scanning tools can detect this instantly.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Use **Nuclei** or similar scanners. π **Method**: Check for the default `pokon` credential login success on the web admin path.β¦
π§ **No Patch? Workaround**: 1οΈβ£ **Change Password**: Immediately set a strong password for the admin account. 2οΈβ£ **Network Segmentation**: Block external access to the Web Admin Interface (Firewall rules). 3οΈβ£ **Disablβ¦
β‘ **Urgency**: **HIGH**. π― **Priority**: **P1**. Default passwords are an instant ticket for attackers. Automated scanners (Nuclei) are already hunting this. Patch or mitigate **IMMEDIATELY**.