CVE-2023-31808: CERT/CC Vulnerability Note VU#913565

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.

Overview

The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router.

Description

A hard-coded password refers to an unchangeable password that is stored within a device or an application. This type of password carries a significant risk as it can be exploited by malware or hackers to gain unauthorized access to devices and systems, enabling them to engage in malicious activities. In certain cases, a hard-coded account may possess administrative privileges, granting complete control over a device through an account that cannot be modified or deactivated.

Recently, it was uncovered that the Technicolor TG670 DSL Gateway Router with firmware version 10.5.N.9 contains more than one hard-coded service account. These particular accounts allow full administrative access to the device via the WAN interface. If Remote Administration is enabled, the device can be remotely accessed from an external network interface, such as the Internet. This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device.

Impact

A remote attacker can use the default username and password to log in as the administrator to the router device. This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways. This requires that Remote Administration be enabled on the router, which is the default setting as observed by the CODE WHITE security researcher Florian Hauser.

Solution

It is recommended that you check with your service provider whether appropriate patches and updates are available to resolve the hard-coded credentials stored on the devices. As a precaution, it is also recommended that you disable Remote Administration (WAN-side administration) when it is not needed, to reduce the risk of abuse of this service account.
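Because Remote Administration was observed to be on by default, it is worth confirming from outside your network that the setting took effect. The following is an added example, not part of the CERT/CC note: it checks whether the three services the note names answer on an address you own. The port numbers (80, 22, 23) are the standard defaults and are an assumption here, since the note does not state which ports the device uses.

```python
"""Added example: check whether management services answer on an address you own."""
import socket
import sys

# Assumption: standard port numbers for the three services the advisory names.
# A given deployment may listen elsewhere; adjust to match your device.
MGMT_SERVICES = {"http": 80, "ssh": 22, "telnet": 23}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset: nothing listening
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def audit(host, services=MGMT_SERVICES, timeout=3.0):
    """Map each service name to its probe state."""
    return {name: probe(host, port, timeout) for name, port in services.items()}


def exposed(results):
    """Names of services that accepted a connection, sorted."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_mgmt_check.py <your-router-WAN-address>")
    results = audit(sys.argv[1])
    for name, state in results.items():
        print(f"{name:7s} {MGMT_SERVICES[name]:5d}  {state}")
    open_services = exposed(results)
    if open_services:
        print("Remote Administration appears reachable:", ", ".join(open_services))
        sys.exit(1)
    print("No management service answered on the WAN address.")
```

Run it from a host outside the router's LAN; a check from inside reaches the LAN-side interface and says nothing about WAN exposure.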

Acknowledgements

Thanks to Florian Hauser from CODE WHITE for reporting this vulnerability.

This document was written by Timur Snoke.

Other Information

CVE IDs:

CVE-2023-31808

Date Public:

2023-07-11

Date First Published:

2023-07-11

Date Last Updated:

2023-07-12 13:20 UTC

Document Revision:

2
