Halon Security Router User Interface Default Credentials

critical Nessus Plugin ID 77114

Synopsis

The remote web service is protected using a default set of known credentials.

Description

The remote Halon Security Router user interface uses a known set of default credentials. An attacker with access to the service can gain administrative access to the device.

Additionally, these credentials allow SSH (if enabled) access to the device with root privileges.

Solution

Change the default admin login credentials.

See Also

http://www.nessus.org/u?bdbd2080

Plugin Details

Severity: Critical

ID: 77114

File Name: halon_sr_default_creds.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 8/11/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:halon:security_router

Required KB Items: installed_sw/Halon Security Router

Excluded KB Items: global_settings/supplied_logins_only