ADTRAN has recently discovered that some installations of products running SmartOS version 10.x are vulnerable to compromise by a remote attacker if configured in an insecure manner. The latest assessment of these products indicates that devices configured with unfiltered HTTP/HTTPS access enabled on the WAN are susceptible to attack.
The investigation is ongoing and future updates will be provided here.
Mitigating Factors & Recommended Actions
Installations that do not have HTTP/HTTPS WAN access enabled are not remotely exploitable.
If you believe your product may have been compromised, please contact ADTRAN Product Support for additional assistance.
Upgrade to SmartOS 10.8.9.1 and disable unfiltered WAN management access. SmartOS 10.8.9.1 includes a fix to prevent arbitrary code execution by an authenticated GUI user, as well as additional security hardening.