libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nexans | gigaswitch_641_desk_v5_sfp-vi_firmware | * |
| nexans | gigaswitch_v5_2tp(pd-f+)_sfp-vi_54vdc_firmware | * |
| nexans | gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_firmware | * |
| nexans | gigaswitch_v5_tp_sfp-2vi_54vdc_med_firmware | * |
| nexans | gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_med_firmware | * |
| nexans | gigaswitch_v5_2tp(pse+)_sfp-vi_54vdc_firmware | * |
| nexans | gigaswitch_v5_2tp_sfp-vi_54vdc_firmware | * |
| nexans | gigaswitch_v5_tp_sfp-2vi_54vdc_firmware | * |
| nexans | gigaswitch_v5_tp_sfp-vi_230vac_firmware | * |
| nexans | gigaswitch_642_desk_v5_sfp-2vi_firmware | * |
| nexans | gigaswitch_v5_sfp-2vi_230vac_firmware | * |
| nexans | gigaswitch_v5_tp_sfp-2vi_54vdc_ind_firmware | * |
| nexans | gigaswitch_v5_tp(pse+)_sfp-2vi_54vdc_ind_firmware | * |