CVE-2020-8001

9.8 CRITICAL

📋 TL;DR

The Intellian Aptus Android application version 1.0.2 contains a hardcoded FTP password 'intellian' for the masteruser account. This allows attackers to gain unauthorized access to FTP services on affected devices. All users running this specific Android application version are affected.

💻 Affected Systems

Products:
  • Intellian Aptus
Versions: 1.0.2
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Android application version 1.0.2. The hardcoded password is embedded in the application code.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the FTP service allowing unauthorized file upload/download, potential data exfiltration, and possible lateral movement if FTP access leads to further system exploitation.

🟠 Likely Case

Unauthorized access to FTP services leading to data theft, file manipulation, or service disruption.

🟢 If Mitigated

Limited impact if FTP service is disabled or network access is restricted, though the vulnerability remains present in the application.

🌐 Internet-Facing: HIGH if FTP service is exposed to the internet, as the hardcoded credentials are publicly known.
🏢 Internal Only: MEDIUM for internal networks, as attackers with internal access could exploit the credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded password and network access to the FTP service. The vulnerability details are publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Users should upgrade to a newer version if available, or discontinue use of the vulnerable application.

🔧 Temporary Workarounds

Disable FTP Service (applies to: all)

Disable or block FTP services on affected devices to prevent exploitation.

Network Segmentation (applies to: all)

Restrict network access to FTP services using firewalls or network segmentation.

🧯 If You Can't Patch

  • Remove the application from all devices
  • Implement strict network controls to isolate affected devices

🔍 How to Verify

Check if Vulnerable:

Check application version in Android settings. If version is 1.0.2, the device is vulnerable.

Check Version:

Check Android application manager or settings for 'Intellian Aptus' version information.

Verify Fix Applied:

Verify application has been updated to a version newer than 1.0.2, or that the application has been removed.

📡 Detection & Monitoring

Log Indicators:

  • Failed FTP authentication attempts
  • Successful logins with the 'masteruser' account
  • Unusual file transfers via FTP

Network Indicators:

  • FTP traffic to/from Android devices running Intellian Aptus
  • FTP connections using the 'masteruser' account

SIEM Query:

Search for FTP events with username 'masteruser' or source/destination IPs associated with Android devices running Intellian Aptus.
