← Advisories

Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)

Critical
Advisory ID
ZSL-2021-5686
Release Date
10 October 2021
Vendor
Cypress Solutions Inc. - https://www.cypress.bc.ca
Affected Version
CTM-ONE (1.3.6-latest), CTM-ONE (1.3.1), CTM-ONE (1.1.9), CTM200 (2.7.1.5659-latest), CTM200( 2.0.5.3356-184)
CVE
CVE-2021-47744
Tested On
GNU/Linux 4.1.15-1.2.0+g77f6154 (arm7l), GNU/Linux 2.6.32.25 (arm4tl), lighttpd/1.4.39, BusyBox v1.24.1, BusyBox v1.15.3
Summary

CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and SCADA communications.

CTM-ONE is the industrial LTE cellular wireless gateway for mobile and fixed applications. CTM-ONE is your next generation of gateway for fleet tracking and fixed sites.

Description

The CTM-200 and CTM-ONE are vulnerable to hard-coded credentials within their Linux distribution image. This weakness can lead to the exposure of resources or functionality to unintended actors, providing attackers with sensitive information including executing arbitrary code.

Proof of Concept
cypress_ssh.pyTXT
Disclosure Timeline
21.09.2021Vulnerability discovered.
23.09.2021Vendor contacted.
09.10.2021No response from the vendor.
10.10.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.zeroscience.mk/#/advisories/ZSL-2018-5479
[2]https://www.exploit-db.com/exploits/50407
[3]https://packetstormsecurity.com/files/164466
[4]https://cxsecurity.com/issue/WLB-2021100052
[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/211080
[6]https://www.cve.org/CVERecord?id=CVE-2021-47744
Changelog
10.10.2021Initial release
13.10.2021Added reference [2], [3], [4] and [5]
23.03.2026Added reference [6]