Executive Summary
| Summary | |
|---|---|
| Title | Hard-coded credentials in Technicolor TG670 DSL gateway router |
| Informations | |||
|---|---|---|---|
| Name | VU#913565 | First vendor Publication | 2023-07-11 |
| Vendor | VU-CERT | Last vendor Modification | 2023-07-12 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
OverviewThe Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. DescriptionA hard-coded password refers to an unchangeable password that is stored within a device or an application. This type of password carries a significant risk as it can be exploited by malware or hackers to gain unauthorized access to devices and systems, enabling them to engage in malicious activities. In certain cases, a hard-coded account may possess administrative privileges, granting complete control over a device through an account that cannot be modified or deactivated. Recently, it was uncovered that the Technicolor TG670 DSL Gateway Router with firmware version 10.5.N.9. contains more than one hard-coded service account. These particular accounts allow full administrative access to the device via the WAN interface. If Remote Administration is enabled, the device can be remotely accessed from an external network interface, such as the Internet. This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device. ImpactA remote attacker can use the default username and password to login as the administrator to the router device. This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways. This requires Remote Administration is enabled on the router, which is the default settings as observed by the CODE WHITE security researcher Florian Hauser. SolutionIt is recommended that you check with your service provider for appropriate patches and updates are available to resolve the hard-coded credentials stored on the devices. As a precaution, it is also recommended that you disable Remote Administration (WAN side administration), when not needed to reduce the risk of abuse of this service account. AcknowledgementsThanks to Florian Hauser from CODE WHITE for reporting this vulnerability. This document was written by Timur Snoke. |
Original Source
| Url : https://kb.cert.org/vuls/id/913565 |
Alert History
| Date | Informations |
|---|---|
| 2023-07-12 17:22:06 |
|
| 2023-07-11 17:22:05 |
|
