Test ID:	1.3.6.1.4.1.25623.1.0.140246
Category:	Gain a shell remotely
Title:	SenNet Data Logger Appliances and Electricity Meters Multiple Vulnerabilities
Summary:	The remote SenNet Appliances is affected by multiple vulnerabilities.
Description:	Summary: The remote SenNet Appliances is affected by multiple vulnerabilities. Vulnerability Insight: Vulnerability Details 1. No access control on the remote shell The appliance runs ARM as underlying OS. Telnet access is enabled on TCP port 5000. There is no authentication required for accessing and connecting the remote shell. Any user can connect to the shell and issue commands. 2. Shell services running with excessive privileges (superuser) The service runs with superuser root privileges, thus giving privileged access to any user, without any authentication (exploited via OS Command Injection described nexe). 3. OS Command Injection The remote shell (attempts to) offer a restricted environment, and does not allow executing system commands. However, it is possible to break out of this jailed shell by chaining specific shell meta-characters and OS commands. The service / application is run as 'root' and OS command injection results in full system access. Affected Software/OS: SenNet Optimal DataLogger appliance SenNet Solar DataLogger appliance SenNet Multitask Meter Solution: Vendor has released a fix. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.