ADTRAN has recently discovered that some installations of products running SmartOS version 10.x are vulnerable to compromise by a remote attacker if configured in an insecure manner. The latest assessment of these products indicates that devices which are configured with unfiltered HTTP/HTTPS enabled on the WAN are susceptible to attack.
The investigation is ongoing and future updates will be provided here.
Product Family | Severity | Notes |
SR400 SR905 | Critical | |
Product Family | Mitigating Factors | Recommended Actions |
SR400 SR905 | Installations that do not have HTTP/HTTPS WAN access enabled are not remotely exploitable. | Disable HTTP/HTTPS WAN access using these instructions. If you believe your product may have been compromised, please contact ADTRAN Product Support for additional assistance. |
Product Family | Resolution |
SR400 SR905 | Upgrade to SmartOS 10.8.9.1 and disable unfiltered WAN management access. SmartOS 10.8.9.1 includes a fix to prevent arbitrary code execution by an authenticated GUI user as well as additional security hardening. |
Revision | Date | Changes |
B | 2021-06-07 | Updated the resolution. |
A | 2021-04-27 | Initial release. |