Default SSH Keys in Meinberg SyncBox/PTP/PTPv2 Devices Allow Root Access

Default SSH Keys in Meinberg SyncBox/PTP/PTPv2 Devices Allow Root Access

CVE-2019-17584 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.

Learn more about our Internal Network Penetration Testing.