J-Security Center

Title: Beck IPC GmbH IPC@CHIP Ftpd Default Account Privileges Vulnerability

Severity: CRITICAL

Description:

IPC@CHIP is a single chip embedded web server by Beck IPC GmbH.

A vulnerability exists in the Ftpd server of IPC@CHIP which could enable a user to gain full privileges.

The device's inbuilt Ftpd service is factory configured with a DEFAULT account. If the 'anonymous' account is used to log in, the service will grant full privileges.

If the device is not properly configured during installation, including the creation of at least two new user accounts, this vulnerability may allow a remote user to connect to the device, log in under 'anonymous' and perform administrative functions.

Successful exploitation of this vulnerability could lead to a complete compromise of the host.

Affected Products:

  • Beck IPC GmbH IPC@CHIP Embedded-Webserver
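
A check an administrator can run over their own device inventory to confirm that the Ftpd service no longer accepts the 'anonymous' login described above. This is an added example, not part of the original advisory or any vendor code; the function names and the inventory addresses (documentation range 192.0.2.0/24) are assumptions.

```python
import ftplib

def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Classify how an FTP service answers an 'anonymous' login attempt."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
    except (OSError, EOFError, ftplib.Error):
        return "unreachable"            # no FTP banner: closed, filtered, down
    try:
        ftp.login()                     # ftplib defaults to user 'anonymous'
        return "accepted"               # 2xx reply: default account still live
    except ftplib.error_perm:
        return "rejected"               # 5xx reply: login refused
    except (OSError, EOFError, ftplib.Error):
        return "error"                  # dropped session or unexpected reply
    finally:
        try:
            ftp.quit()
        except (OSError, EOFError, ftplib.Error):
            ftp.close()

def audit(inventory, port=21, timeout=5.0):
    """Run the check over hosts you administer; returns {host: result}."""
    return {host: check_anonymous_ftp(host, port, timeout) for host in inventory}

def needs_remediation(results):
    """Hosts where the anonymous login was accepted, sorted for reporting."""
    return sorted(host for host, result in results.items() if result == "accepted")

if __name__ == "__main__":
    # Constructed inventory (RFC 5737 documentation addresses, assumption).
    results = audit(["192.0.2.10", "192.0.2.11"], timeout=2.0)
    for host, result in sorted(results.items()):
        print(f"{host}: {result}")
    print("reconfigure:", needs_remediation(results))
```

An "accepted" result only shows that the login succeeds; per the advisory, on a device left in its factory configuration that session carries full privileges.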
