Headline
CVE-2023-5028: 中国联通家用网关
A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability.
China Unicom gateway has information leakage vulnerability. Device name: Gigabit passive optical fiber access client equipment (GPON ONU) China Unicom home gateway TEWA-800G
- Debug by disassembling the equipment and connecting the UART serial port with a TTL cable
- Use the putty tool to select the com port and connect the device for debugging
- After successful connection, the console prints the current device log
- However, during the log printing process, the default password of the device will be printed in clear text
- 5.By comparing the default password on the back of the console and device, it was found that the password is completely consistent, indicating that the password will be displayed in clear text during the console printing stage
中国联通网关存在信息泄露漏洞 设备名称:吉比特无源光纤接入用户端设备(GPON ONU) 中国联通家用网关TEWA-800G 1.通过拆解设备,使用TTL线连接UART串口进行调试 2.使用putty工具选择com口并连接设备调试 3.在连接成功后,控制台打印当前设备日志 4.但在打印日志过程中会把设备的默认密码以明文形式打印出来 5.通过把控制台和设备背面默认密码作比对,发现密码完全一致,由此可得在控制台打印阶段会将密码明文展示出来