Home
Description
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
tools.thermofisher.cn/...rochures/One_Touch_2_Spec_Sheet.pdf
assets.thermofisher.com/...MAN0014388_IonOneTouch2Sys_UG.pdf
documents.thermofisher.com/...and_Torrent_Suite_Software.pdf
