CVE-2020-26097
CRITICALPLANET NVR-915 and NVR-1615 - Use of Hard-coded Credentials
Title source: llmDescription
The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.sec-research.com/1604584604-hard-coded-credentials-in-netzwerk-videorekorder-planet-nvr-915.html
Scores
CVSS v3
9.8
EPSS
0.0182
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
planet/nvr-1615_firmware
planet/nvr-915_firmware
Published
Nov 18, 2020
Tracked Since
Feb 18, 2026