Zinwave Series 3000 DAS Web Interface Default Credentials

High Nessus Plugin ID 117462

Synopsis

The administration console for the remote distributed antenna system is protected using a known set of credentials.

Description

Nessus was able to log in to Zinwave Series 3000 DAS using a default set of administrative credentials. A remote attacker could utilize these credentials to view and change or delete operating parameters or switching matrix configurations or change the system configuration.

Solution

Change passwords on any default accounts.

See Also

https://www.zinwave.com/das-solutions

Plugin Details

Severity: High

ID: 117462

File Name: zinwave_series_3000_das_default_credentials.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 2018/09/13

Modified: 2018/09/13

Dependencies: 117463

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Default credentials

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/h:zinwave:3000das

Required KB Items: installed_sw/Zinwave Series 3000 DAS

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only