By exploiting the undocumented service access, it is possible to change the settings of a device and access web-based management with administrator privileges. An attacker can exploit this vulnerability to lock other users out from the device or open closed network ports. It is also possible to use this service access as an FTP user and exchange or delete the application.
Use of hard coded credentials
Series 750-88x and 750-87x
Vendor recommends updating to the newest firmware and taking the following defensive measures: