Zinwave Series 3000 DAS Web Interface Default Credentials

High Nessus Plugin ID 117462


The administration console for the remote distributed antenna system is protected using a known set of credentials.


Nessus was able to log in to Zinwave Series 3000 DAS using a default set of administrative credentials. A remote attacker could utilize these credentials to view and change or delete operating parameters or switching matrix configurations or change the system configuration.


Change passwords on any default accounts.

See Also


Plugin Details

Severity: High

ID: 117462

File Name: zinwave_series_3000_das_default_credentials.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 2018/09/13

Updated: 2018/11/15

Dependencies: 117463

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Default credentials

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/h:zinwave:3000das