LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47744: Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.

CriticalCVSS 9.3Not KEV-listedUpdated
Glexia's TakeAutomated analysiscritical

Security readout for executives and security teams

Plain-English summary

This issue affects Cypress Solutions CTM-200/CTM-ONE devices identified as version 1.3.6. A built-in root credential can allow remote administrative access over Telnet or SSH. For organizations using these devices in operational networks, the main risk is unauthorized control of the device if management access is reachable.

Executive priority

Prioritize as critical for any organization using these devices in production or remote sites. The business concern is unauthorized device takeover, not just data exposure. Immediate focus should be asset identification, management-plane isolation, and vendor remediation confirmation.

Technical view

CVE-2021-47744 is a CWE-798 hard-coded credentials flaw. The public records describe unauthenticated remote root access through Telnet or SSH using a static credential in the device Linux distribution. CVSS v4.0 is 9.3. The provided data names CTM-200/CTM-ONE 1.3.6, while affected metadata is sparse.

Likely exposure

Exposure is most likely where Cypress CTM-200 or CTM-ONE 1.3.6 devices have Telnet or SSH reachable from untrusted networks. Risk is lower if management services are disabled, isolated, or limited to trusted administrative networks.

Exploitation context

A public ExploitDB reference and third-party advisories exist. The source bundle does not show CISA KEV listing or confirmed active exploitation. Treat internet-reachable Telnet or SSH on affected devices as high urgency due to remote root impact.

Researcher notes

The public source bundle supports remote root access via hard-coded credentials, but does not provide complete vendor affected-version metadata or a named patch. Avoid relying on the CVE affected field alone; correlate with device model, firmware, and third-party advisory details.

Mitigation direction

  • Identify any Cypress CTM-200 or CTM-ONE devices in the environment.
  • Check vendor guidance for patched firmware or official remediation.
  • Remove Telnet and SSH exposure from the internet and untrusted networks.
  • Restrict management access to trusted administrative networks or VPNs.
  • Disable Telnet or SSH where not operationally required.
  • Do not assume password rotation fixes a hard-coded credential issue.

Validation and detection

  • Confirm device model and firmware version against vendor records.
  • Determine whether Telnet or SSH is enabled on each device.
  • Verify management services are not reachable from untrusted networks.
  • Review device access logs for unexpected root or administrative access.
  • Track Cypress, CVE, VulnCheck, and Zero Science updates for remediation details.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-798: Credential and account abuse lookup

Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Credential and access behavior lookup

The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-47744 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
9.3 (4.0)
Known Exploited
No
Published

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
5Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
9.3CVSS 4.0CriticalCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NPrimary CVE score

Vulnerability scoring details

Base CVSS 4.0 score

9.3Critical
CVSS 4.0 vector shape for CVE-2021-47744Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CypressONE-Listed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-798 · source CWE mapping

Use of Hard-coded Credentials

Use of Hard-coded Credentials represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.