CVE-2018-18473

high-risk

Published 2019-03-21

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.

Do I need to act?

7.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Nbm-D88N Firmware

Nhl-3Fb1 Firmware

Nhl-3Fv1N Firmware

Affected Vendors

Patlite

References (4)

Exploit https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt

https://www.patlite.com/support/Security_Informationtest.html

Exploit https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt

https://www.patlite.com/support/Security_Informationtest.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 9/34 · Low

Exposure 9/34 · Low