CVE-2012-4577 | Vulnerability Database | Aqua Security

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of password for the root account, which allows remote attackers to obtain administrative access via an SSH session.

Affected Software

Name	Vendor	Start Version	End Version
Jetport	Korenix	5601 (including)	5601 (including)
Jetport	Korenix	5601f (including)	5601f (including)
Jetport	Korenix	5604 (including)	5604 (including)
Jetport	Korenix	5604i (including)	5604i (including)

References

http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
http://www.securityfocus.com/bid/55196
https://exchange.xforce.ibmcloud.com/vulnerabilities/77992
http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
http://www.securityfocus.com/bid/55196
https://exchange.xforce.ibmcloud.com/vulnerabilities/77992

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4577
CWE	https://cwe.mitre.org/data/definitions/255.html