CVSS Base Vector:
The internet radio products of TELESTAR-DIGITAL GmbH have an undocumented Telnet service
with default credentials enabled.
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150,
Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 devices are known to be
affected. Other devices and vendors might be affected as well.
This issue may only be exploited by an attacker a root shell on the device.
Connect to the Telnet service and try to login with default credentials.
It was possible to login with the telnet credentials 'root:password'.
The vendor has released the firmware update TN81HH96-g102h-g103**a*-fb21a-3624
which is disabling the telnet service and removing the default password.
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)