NetStructure 7180 Remote Backdoor Vulnerability

NetStructure (formerly known as Ipivot Commerce Accelerator) is a Multi-Site Traffic Director. This Internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL management. Certain revisions of this package have two undocumented supervisor passwords. These passwords are derived from is the ethernet address of the public interface which under default installs is available via a default passworded SNMP daemon.

These passwords can be utilized via the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote accessor allows telnet access. It should be noted that configuration over telnet is preferred in the user documentation. With these passwords an intruder gains shell access to the underlying UNIX system and may sniff traffic among other things.


Privacy Statement
Copyright 2010, SecurityFocus