RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password.
This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative control of the ROS device.
As a workaround, RuggedCom has recommended disabling the rsh service and setting the number of telnet connections allowed to 0.
For more information, please see US-CERT Vulnerability Note VU#889195.
This product is provided subject to this Notification and this Privacy & Use policy.