What is the severity of CVE-2024-31970?

CVE-2024-31970 is considered a high severity vulnerability due to the default SSH credentials and accessibility over the Internet.

How do I fix CVE-2024-31970?

To mitigate CVE-2024-31970, update the firmware of the AdTran SRG 834-5 device to version 12.1.3.1 or later.

Which devices are affected by CVE-2024-31970?

CVE-2024-31970 affects AdTran SRG 834-5 devices running SmartOS versions prior to 12.1.3.1.

What default credentials are used in CVE-2024-31970?

CVE-2024-31970 uses the default username and password of admin/admin during the setup process.

Is SSH secure by default in devices affected by CVE-2024-31970?

No, SSH is enabled by default in affected devices, which poses a significant security risk.

Vulnerability/
CVE-2024-31970

high

8.8

CWE

863

24/7/2024

3/9/2024

CVE-2024-31970

First published: Wed Jul 24 2024(Updated: )

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. NOTE: The vendor has disputed this, finding the report not applicable. According to AdTran, SSH has never been accessible (from WAN) on SmartOS official builds. Furthermore, the vendor adds that test build 11.1.0.101-202106231430 was never released to end users.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
All of
SmartOS	<12.1.3.1
Adtran 834-5 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-31970?
CVE-2024-31970 is considered a high severity vulnerability due to the default SSH credentials and accessibility over the Internet.
How do I fix CVE-2024-31970?
To mitigate CVE-2024-31970, update the firmware of the AdTran SRG 834-5 device to version 12.1.3.1 or later.
Which devices are affected by CVE-2024-31970?
CVE-2024-31970 affects AdTran SRG 834-5 devices running SmartOS versions prior to 12.1.3.1.
What default credentials are used in CVE-2024-31970?
CVE-2024-31970 uses the default username and password of admin/admin during the setup process.
Is SSH secure by default in devices affected by CVE-2024-31970?
No, SSH is enabled by default in affected devices, which poses a significant security risk.

agent/first-publish-date
agent/type
agent/author
agent/severity
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/adtran
canonical/smartos
canonical/adtran 834-5 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.