CVE-2023-41010: China Telecom Tianyi Home Gateway TEWA-700G
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.
China Telecom Tianyi Gateway information leakage vulnerability
Equipment name: Gigabit passive optical fiber access user-end equipment (GPON ONU), China Telecom Tianyi Home Gateway TEWA-700G
1. Disassemble the device and connect to its UART serial port with a TTL cable for debugging.
2. In PuTTY, select the COM port and connect to the device.
3. Once the connection succeeds, the console prints the current device log.
4. While the log is being printed, however, the device's default password is printed in clear text.
5. Comparing the password shown on the console with the default password on the back of the device shows that the two are completely identical, which confirms that the password is displayed in clear text during the console printing stage.
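
A mitigation sketch for the behaviour described above, as an added example that is not from the original advisory or the vendor's firmware: a console logging filter that masks credential values before a line reaches the UART. The key names and the sample log line are assumptions, since the advisory does not show the device's actual log format.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed key names; a real firmware would list its own credential fields. */
static const char *const KEYS[] = { "password", "passwd", "pwd" };

/* Case-insensitive match of a sensitive key at p; returns its length or 0. */
static size_t match_key(const char *p) {
    for (size_t i = 0; i < sizeof KEYS / sizeof *KEYS; i++) {
        size_t n = 0;
        while (KEYS[i][n] && tolower((unsigned char)p[n]) == KEYS[i][n]) n++;
        if (KEYS[i][n] == '\0') return n;
    }
    return 0;
}

/* Copy `in` to `out`, masking the value in "key=value" or "key: value".
 * Returns the number of values masked; `out` is always NUL-terminated. */
int redact_line(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    int hits = 0;
    if (outlen == 0) return 0;
    while (*in && o + 1 < outlen) {
        size_t k = match_key(in);
        const char *p = in + k;
        while (k && *p == ' ') p++;
        if (k && (*p == '=' || *p == ':')) {
            do p++; while (*p == ' ');
            /* Keep the key and separator, then drop the value itself. */
            while (in < p && o + 1 < outlen) out[o++] = *in++;
            while (*in && !isspace((unsigned char)*in) && *in != ',' && *in != ';') in++;
            for (const char *m = "****"; *m && o + 1 < outlen; m++) out[o++] = *m;
            hits++;
            continue;
        }
        out[o++] = *in++;
    }
    out[o] = '\0';
    return hits;
}

int main(void) {
    char out[128];
    /* Constructed log line, not captured from a TEWA-700G. */
    redact_line("[boot] default password: Ab12cd34, ssid=Home", out, sizeof out);
    puts(out);
    return 0;
}
```

A filter like this is a backstop: the more robust fix is for the firmware never to pass the credential to the logging path at all.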