cvedb.io
CVE-2018-18473
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2019-03-21T16:00:28.467 · Last modified 2026-06-17T01:47:21.553

Summary

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.

Affected products

patlite — nbm-d88n_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when patlite ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.