Educause Security Discussion mailing list archives

BlackBox iCompel, and ONELAN NTB Units Security issue (CVE-2019-15497)


From: Frank Barton <bartonf () HUSSON EDU>
Date: Fri, 23 Aug 2019 08:25:24 -0400

Please forgive the cross-posting, but I wanted to let folks know about a
security issue with the BlackBox iCompel and ONELAN Net-Top-Box systems.
(The systems share the same code-base.)

In May of this year, I discovered that the units all ship with identical
default usernames and password, including for the 'root' user that is
accessible over SSH. After disclosing this to the vendors and discussing
it with their development team, today I have posted disclosure of this as
CVE-2019-15497.

Details can be found at
https://experiencesofasysadmin.wordpress.com/2019/08/23/cve-2019-15497-default-credentials/

The long and the short of it is: If you have these units, make sure that
you have changed all of the passwords, and you should probably also keep
them off the internet, and segmented away from your normal network.

Thank You
Frank

-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
