A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ap-fc4064-t_firmware | Foxconn | ap_gt_b38_5.8.3lb15-w47_lte (including) | ap_gt_b38_5.8.3lb15-w47_lte (including) |
A product’s design should require adherance to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:
Depending on the threat model, the password policy may include several additional attributes.
See NIST 800-63B [REF-1053] for further information on password requirements.