Headline
CVE-2023-33745: RoomCast TA-2400 Cleartext Private Key
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).
The RoomCast TA-2400, versions 1.0-3.1+, has multiple critical security vulnerabilities, including clear-text storage of sensitive information within executables, improper access control, improper privilege management, and the use of hard-coded passwords. Uniting these vulnerabilities paves the way for a complete compromise of the device and, in turn, exposes clients to direct threats from those exploiting the compromised unit.