CVE-2021-47744

critical

Description

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5686.php

https://www.vulncheck.com/advisories/cypress-solutions-ctm-ctm-one-hard-coded-credentials-remote-root

https://www.exploit-db.com/exploits/50407

https://www.cypress.bc.ca

Details

Source: Mitre, NVD

Published: 2025-12-31

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00031