Hardcoded Admin Account Vulnerability in Nokia Fastmile Devices by Optus
CVE-2022-36222

8.4HIGH

Key Information:

Vendor: Nokia
Status: Fastmile Firmware
Vendor: CVE Published:; 21 December 2022

What is CVE-2022-36222?

Nokia Fastmile 3tg00118abad52 devices shipped by Optus come with a default hardcoded admin account, allowing unauthorized local access to the web admin interface. This security flaw potentially exposes the devices to various attacks, making it critical for users to change the default credentials immediately to enhance their security posture.

References

https://eddiez.me/hacking-the-nokia-fastmile-pt2/#identic...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2022
Vulnerability Reserved
Jul 18, 2022

JSON