Root Password Found in Ceragon Microwave Bridges

An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.

The Department of Homeland security warned users of Ceragon Networks microwave bridges that the devices contain an undocumented root password.

The advisory said Ceragon FibeAir IP-10 Microwave Bridges can be accessed remotely.

“The root account can be accessed through ssh, telnet, command line interface, or via HTTP,” the advisory said.

The bridges are used in a number of industries, including oil and gas, utilities, the public sector and in enterprise implementations. They’re used to provide wireless connectivity for long-haul transportation, delivering data and voice services, or to connect remote field locations with centralized monitoring and management systems.

“A remote, unauthenticated attacker may be able to gain administrative privileges on the device,” the DHS advisory said.

The CERT Coordination Center at Carnegie Mellon University said it was not aware of a “practical solution,” and that multiple requests to reach the vendor for a response were not successful.

Threatpost reached out to a media contact at Ceragon, but the request was not returned in time for publication.

The advisory said the vulnerability was disclosed to Ceragon Networks on Oct. 27; the vulnerability was given the highest common vulnerability scoring system rating of 10.0.

According to the Ceragon website, the FibeAir IP-10 bridge is a rugged single box designed to operate in poor weather conditions. They’re generally installed on towers, rooftops and mobile cell sites.

Default root passwords are a massive security no-no and seem to particularly plague industrial control systems, SCADA gear and rugged equipment deployed in manufacturing and utility environments.

The problem, especially with Internet-connected devices, is that they’ discoverable online. Attackers and researchers alike have been able to use the Shodan search engine and other Internet-wide scanning tools such as HD Moore’s Project Sonar to identify servers, networking gear and more. Users can filter Shodan searches, for example, to find specific equipment by manufacturer, function and even where they’re located geographically.

Suggested articles