CVE-2004-1321

Vulnerability

Asante FM2008 managed Ethernet switch running firmware version v01.06 stores username and password credentials in cleartext within the configuration backup file [1]. The backup is generated via the Web browser interface using TFTP and is not encrypted or obscured in any way [1]. This exposes all credentials, including a hard-coded backdoor account (superuser/asante) that provides CLI access via Telnet or serial port [1].

Exploitation

An attacker with network access to the switch's management interface and the ability to trigger a TFTP backup (or intercept one) can obtain the configuration backup file [1]. The backup contains the cleartext username and password [1]. No authentication is required to read the file once obtained, and the attacker can then use the extracted credentials to log in via Telnet, serial, or HTTP [1].

Impact

Successful exploitation allows an attacker to gain administrative access to the switch, leading to full control over the device's configuration and network operations [1]. This can result in unauthorized network access, traffic interception, or denial of service [1].

Mitigation

As of the available references (2004-12-15), no firmware update or vendor advisory has been published to address this issue [1]. The recommended mitigation is to restrict network access to the switch's management interfaces, disable TFTP backup if not needed, and monitor for unauthorized configuration file transfers [1]. The device is likely end-of-life; users should consider replacing it with a supported model.