Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor

`[+] Credits: Ian Ling  
[+] Website: iancaling.com  
[+] Source: http://blog.iancaling.com/post/160817658078  
  
Vendor:  
=================  
https://www.ceragon.com  
  
  
Products:  
======================  
Ceragon FibeAir IP-10 (<=7.2.0) (latest version)  
  
  
Vulnerability Types:  
===================  
Hidden User Backdoor  
  
  
Vulnerability Details:  
=====================  
Ceragon FibeAir IP-10 wireless radios contain a hidden user account with   
a default password set by the vendor. This user can be accessed via both   
the web interface and SSH. In the web interface, this simply grants an   
attacker read-only access to the deviceas settings. However, when using   
SSH, this user gives an attacker access to a Linux shell.  
  
While the mateidu user does not have root privileges in the Linux shell,   
these devices run an outdated Linux kernel that may be vulnerable to   
privilege escalation exploits.  
  
The vendor recommends that users alog as mateidu user and change the   
password via the GUI this will close the old internal protection port   
access. [sic]a  
  
The mateidu useras password is the same as its username.  
  
This vulnerability is similar to CVE-2015-0936, which detailed the   
discovery of an RSA key pair that allowed an attacker to log in as the   
mateidu user via SSH.  
  
  
Disclosure Timeline:  
===================================  
2017/05/12 - Contacted vendor  
2017/05/14 - Vendor acknowledges report  
2017/05/16 - Vendor sends their recommendation  
2017/05/18 - Publicly disclosed  
  
  
`