cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ADTSA-2021001: SmartOS 10.x Vulnerability

ADTSA-2021001: SmartOS 10.x Vulnerability

Description


ADTRAN has recently discovered that some installations of products running SmartOS version 10.x if configured incorrectly are vulnerable to compromise by a remote attacker. The latest assessment of these products indicates that devices which are configured with unfiltered HTTP/HTTPS enabled on the WAN are susceptible to attack.
 

The investigation is ongoing and future updates will be provided here.


CVE ID


  • TBD

Affected Products


Product Family Severity Notes
SR400
SR905
Critical  

Mitigating Factors & Recommended Actions


Product Family Mitigating Factors Recommended Actions
SR400
SR905
Installations that do not have HTTP/HTTPS WAN access enabled are not remotely exploitable.

Disable HTTP/HTTPS WAN access using these instructions.

If you believe your product may have been compromised, please contact ADTRAN Product Support for additional assistance.


Resolution


Product Family Resolution
SR400
SR905
TBD

 

Revision History

 

Revision Date Changes
A 2021-04-27 Initial release.
Version history
Revision #:
7 of 7
Last update:
a week ago
Updated by:
 
Contributors