CVE-2020-26097

9.8 CRITICAL

📋 TL;DR

This CVE involves hard-coded default credentials in PLANET NVR devices that allow root access via telnet. If telnet is exposed to the Internet, attackers can gain complete control of affected devices. This vulnerability only affects products that are no longer supported by the manufacturer.

💻 Affected Systems

Products:
  • PLANET Technology Corp NVR-915
  • PLANET Technology Corp NVR-1615
Versions: All versions before 2020-10-28
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects products no longer supported by the manufacturer. Vulnerability exists in default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the NVR system, allowing attackers to view/manipulate surveillance footage, use device as pivot point into internal networks, or deploy ransomware/malware.

🟠 Likely Case: Unauthorized access to surveillance systems, data exfiltration, or device being added to botnets for DDoS attacks.

🟢 If Mitigated: Limited to internal network access attempts if telnet is properly firewalled.

🌐 Internet-Facing: HIGH - Telnet exposed to Internet with default root credentials provides trivial remote access.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to the telnet service and knowledge of the hard-coded default credentials. No other authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available as products are end-of-life. Consider replacing with supported hardware.

🔧 Temporary Workarounds

Disable Telnet Service (platform: all)

Completely disable telnet service on affected devices

Check device administration interface for telnet disable option

Change Default Credentials (platform: linux)

Change root password if device allows password modification

passwd root (if shell access available)

🧯 If You Can't Patch

  • Isolate devices on separate VLAN with strict firewall rules blocking telnet (port 23) from all networks
  • Implement network segmentation and ensure devices are not directly internet-facing

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to device port 23 and try default credentials. Check device firmware version against affected range.

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify telnet service is disabled or inaccessible. Test that default credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed/successful telnet authentication attempts
  • Multiple root login attempts via telnet

Network Indicators:

  • Telnet connections to port 23 from external IPs
  • Unusual outbound connections from NVR devices

SIEM Query:

destination_port=23 AND (event_type="authentication" OR event_type="connection")
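
The two network indicators above can be checked directly against flow logs. The following is an added example, not part of the original advisory: the NVR inventory, the allowed outbound peer, the flow record layout (`timestamp src_ip src_port dst_ip dst_port`, with the connection initiator as source) and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumed site inventory (constructed values, not from the advisory).
NVR_HOSTS = {"10.20.0.11", "10.20.0.12"}
ALLOWED_OUTBOUND = {"10.20.0.5"}  # e.g. an internal NTP/recording server
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TELNET_PORT = 23

# Constructed flow records: timestamp src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
2020-11-02T10:00:01Z 203.0.113.45 51544 10.20.0.11 23
2020-11-02T10:00:09Z 10.20.0.30 40210 10.20.0.12 23
2020-11-02T10:01:30Z 10.20.0.11 38822 198.51.100.7 6667
2020-11-02T10:02:00Z 10.20.0.12 123 10.20.0.5 123
2020-11-02T10:02:10Z 10.20.0.30 50000 10.20.0.40 443
"""

def is_internal(ip):
    """True when ip falls inside one of the site's internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def classify(src, dst, dport):
    """Map one flow to an alert label, or None when it is not of interest."""
    if dst in NVR_HOSTS and dport == TELNET_PORT:
        # Any telnet session to an NVR matters; external sources matter most.
        return "telnet-internal" if is_internal(src) else "telnet-external"
    if src in NVR_HOSTS and dst not in ALLOWED_OUTBOUND:
        # NVRs normally talk only to a small, known set of peers.
        return "nvr-unusual-outbound"
    return None

def detect(flow_text):
    """Return (timestamp, label, src, dst) for every flow that raises an alert."""
    alerts = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip blank or malformed records
            continue
        ts, src, _sport, dst, dport = fields
        label = classify(src, dst, int(dport))
        if label:
            alerts.append((ts, label, src, dst))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(*alert)
```

Internal telnet sessions are reported separately because the page rates internal-only exposure as MEDIUM rather than negligible.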
