CVE-2012-2441

RuggedCom ROS <3.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2441. PoCs published by jc.

AI-analyzed exploit summary The exploit reveals an undocumented backdoor account in RuggedCom's Rugged Operating System (ROS) with a dynamically generated password based on the device's MAC address. The provided Perl script calculates the password, allowing unauthorized access to the 'factory' account.

Description

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.

Exploits (1)

exploitdb WORKING POC

by jc · textremotehardware

https://www.exploit-db.com/exploits/18779

View Code ZIP pw:eip

The exploit reveals an undocumented backdoor account in RuggedCom's Rugged Operating System (ROS) with a dynamically generated password based on the device's MAC address. The provided Perl script calculates the password, allowing unauthorized access to the 'factory' account.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RuggedCom Rugged Operating System (ROS) (all versions)

No auth needed

Prerequisites: Device MAC address

MITRE ATT&CK