ADTRAN has recently discovered that some installations of products running SmartOS version 10.x if configured incorrectly are vulnerable to compromise by a remote attacker. The latest assessment of these products indicates that devices which are configured with unfiltered HTTP/HTTPS enabled on the WAN are susceptible to attack.
The investigation is ongoing and future updates will be provided here.
Mitigating Factors & Recommended Actions
Installations that do not have HTTP/HTTPS WAN access enabled are not remotely exploitable.