Zinwave Series 3000 DAS Web Interface Default Credentials

critical Nessus Plugin ID 117462

Synopsis

The administration console for the remote distributed antenna system is protected using a known set of credentials.

Description

Nessus was able to log in to Zinwave Series 3000 DAS using a default set of administrative credentials. A remote attacker could utilize these credentials to view and change or delete operating parameters or switching matrix configurations or change the system configuration.

Solution

Change passwords on any default accounts.

See Also

https://www.zinwave.com/das-solutions-0

Plugin Details

Severity: Critical

ID: 117462

File Name: zinwave_series_3000_das_default_credentials.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 9/13/2018

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Default credentials

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/h:zinwave:3000das

Required KB Items: installed_sw/Zinwave Series 3000 DAS

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only