CVE-2009-3710
RioRey RIOS 4.6.6 and 4.7.0 - Unauthenticated Privilege Escalation via Hardcoded SSH Credentials
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-3710. PoCs published by Marek Kroemeke.
AI-analyzed exploit summary: This exploit leverages a hardcoded SSH credential (username: dbadmin, password: sq!us3r) on port 8022 to gain root access to RioRey DDoS mitigation appliances running vulnerable RIOS versions. The outdated Linux kernel (2.6.16.6) allows privilege escalation post-authentication.
Description
RioRey RIOS 4.6.6 and 4.7.0 use an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.