CVE-2024-39345
Published: 24 July 2024
Summary
CVE-2024-39345 is a high-severity OS Command Injection (CWE-78) vulnerability in Adtran SDG SmartOS. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The vulnerability ranks at the 29.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37909
Vulnerability details
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
A hard-coded, undocumented support account with a password derivable from the MAC address, BSSID or gateway address allows authentication as root over the default-enabled SSH service on internet-facing interfaces. This maps to abuse of valid default accounts, remote access over SSH, external remote services for initial access, and command execution on the network device CLI.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Changing default authenticators prior to first use directly prevents use of hard-coded passwords.
Shared threat data frequently highlights products or deployments still using hard-coded passwords, enabling remediation that directly blocks credential-based attacks.
Background checks and authorization requirements decrease the probability that a developer will hard-code passwords for later unauthorized access.
Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
Input validation blocks special elements that would alter OS command execution.
Reviews of supplier deliverables reduce the chance that hard-coded passwords are introduced into the system.