Security Advisory

CVE-2019-9160

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-18 21:58:00

Last updated 2024-08-04 21:38:46

Assigner mitre

State PUBLISHED

Description

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).

← Browse all CVEs View on cve.org ↗