Beware of Weak Credentials in Gessler GmbH WEB-MASTER Devices

CVE: CVE-2024-1039
CVSS (v3.1): 9.8
Source: CVE-2024-1039

The Gessler GmbH WEB-MASTER device contains a high-severity vulnerability. According to CVE-2024-1039, it uses a hard-coded restoration account with weak credentials, which could allow remote attackers to gain full control over the web management interface if exploited.

The restoration account is meant for recovering the device configuration if needed. However, because its credentials are weak and hard-coded, attackers can easily access this account remotely without authorization. Once logged in, the attacker would have administrator privileges and be able to configure the device however they want, such as installing malware.

To launch attacks, hackers usually perform automated scans on the internet looking for devices with known factory default or weak credentials. Upon finding one, they try logging in with commonly used default passwords, which often work. This allows them to easily take over unprotected devices.

To prevent this, Gessler GmbH device owners should update their devices to the latest firmware, which fixes this vulnerability. They should also change all default passwords on the device to strong, unique passwords that are difficult to guess. Enabling features like automatic firmware updates can keep devices protected continuously. Staying vigilant about cyber threats is key to protecting yourself and your data online.
