RuggedCom RuggedOS Default 'factory' Account Backdoor
Critical Nessus Plugin ID 58991
Synopsis: The remote network device has a hard-coded user account with predictable credentials.
Description: The remote device is running RuggedCom RuggedOS (ROS). Using the user name 'factory' and a password derived from the MAC address of the device (which is present in the telnet login banner), Nessus was able to successfully log into the device via a built-in backdoor account.
Solution: Upgrade to the latest RuggedOS firmware version per the vendor's advisory.