VU#360686: Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
Digigram's PYKO-OUT audio-over-IP product is used for audio decoding and has various applications. The product has hardware features such as analog mono outputs and a USB port. By default, the product to be accessed without a password, making it vulnerable to attacks. When connected to the Internet, the device can be accessed by attackers, allowing them to pivot to adjacent connected devices or compromise the device's functionality. Digigram is an audio-based hardware and software vendor that sells the PYKO-OUT product. A vulnerability has been discovered in the product's web-server component, which does not require login information or a password-less access. An attacker can access the device's configuration, control audio outputs and inputs, and potentially access other connected devices. Digigram has marked the product as end-of-life and will not provide a patch to change the default configuration. Users can alter the password settings within the web server UI to secure the device. The product is no longer being sold by Digigram.