CVE-2018-12072
Description
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cloud Media Popcorn A-200 firmware exposes an unauthenticated TELNET shell as root on port 23.
Vulnerability
Cloud Media Popcorn A-200 media player running firmware version 03-05-130708-21-POP-411-000 exposes the TELNET service on TCP port 23 without requiring any authentication. The service immediately spawns a shell with root privileges upon connection. No special configuration or user interaction is needed to trigger this behavior [1].
Exploitation
An attacker only needs network access to the device's port 23. No prior authentication, credentials, or user interaction are required. Simply connecting to the TELNET port with a standard TELNET client results in a root shell being presented [1].
Impact
Successful exploitation grants the attacker full root-level command execution on the device, leading to complete compromise of the Popcorn A-200. This includes unauthorized access to all data, the ability to modify firmware, and potential use of the device as a pivot point in the network [1].
Mitigation
The firmware version 03-05-130708-21-POP-411-000 is affected and no newer patch or fixed version is mentioned in the available references. Users should disable the TELNET service if possible, block port 23 at the network perimeter, or isolate the device on a trusted network. The vendor Cloud Media has not released a fix to date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 03-05-130708-21-POP-411-000 firmware
Patches
No patches discovered yet.
References
[1] gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def (mitre, x_refsource_MISC)