The report details SQL injection, command injection, privilege escalation, local file inclusion, cross-site scripting, account hijacking and hard-coded credentials affecting two Riverbed virtual appliances: the SteelCentral NetProfiler and NetExpress.
The bugs can be chained together to obtain unauthenticated remote code execution as the root user, the advisory states.
Riverbed pushed out a patch earlier this month, taking both NetProfiler and NetExpress to version 10.9.0.
Here's the TL;DR:
The SQL injection vulnerability allows an attacker to insert a user account without authentication, via a POST to the system's REST API, which is reachable from the main Web GUI login screen.
There are other, post-authentication SQL injection vulnerabilities, and Security-Assessment's proof-of-concept shows how these can be exploited to write malicious PHP and obtain remote code execution.
There are multiple cross-site scripting bugs in the systems' Web interfaces;
Accounts can be hijacked because system credentials are exposed in the password reset page source code; and
The system accounts mazu, dhcp and root all use bb!nmp4y as their default password.