Headline
CVE-2023-2645: testrouter/README.md at main · wswokao/testrouter
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
The USR IoT industrial router USR-G806, firmware V1.0.41, has a default weak password.
Testing showed that the web page of the USR industrial router V1.0.41 has a default weak password, root/root. A lookup confirmed that this is the web management default password. By incomplete statistics, searching FOFA with the keyword app="USR-G806" found 28,000 related devices. Some of these systems have the root default password, and products in the same series have an admin default password.
In addition, the device has the SSH service open by default, and it also has a default weak password.
SSH weak password: root/root
The device has the telnet service open by default. Telnet weak password: root/root. More than 8000 devices of this model on the Internet have telnet open. Some of them also have telnet weak passwords.
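For operators who run this model, the following added example (not from the README or the vendor) triages an asset inventory for the three services named above and ranks devices by whether the default password is still in place and whether a management service is reachable from the WAN. The inventory field names, host names and sample records are constructed assumptions.

```python
# Added example: triage an operator's own asset inventory for the exposure
# described above. Field names and sample records are constructed.
MGMT_SERVICES = {"web", "ssh", "telnet"}  # services the README reports with root/root
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

def audit_device(dev):
    """Return (severity, message) findings for one inventory record."""
    if dev["model"] != "USR-G806":
        return []
    mgmt = [s for s in dev["services"] if s["name"] in MGMT_SERVICES and s["enabled"]]
    exposed = sorted(s["name"] for s in mgmt if s["wan_reachable"])
    findings = []
    if mgmt and not dev["default_password_changed"]:
        if exposed:
            findings.append(("critical", "default password unchanged; WAN-reachable: " + ", ".join(exposed)))
        else:
            findings.append(("high", "default password unchanged; management services LAN-only"))
    if any(s["name"] == "telnet" for s in mgmt):
        findings.append(("medium", "telnet enabled (cleartext login)"))
    return findings

def audit_inventory(inventory):
    """Flatten findings to (severity, host, message), worst first."""
    rows = [(sev, dev["host"], msg) for dev in inventory for sev, msg in audit_device(dev)]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER[r[0]], r[1]))

def svc(name, enabled, wan_reachable):
    return {"name": name, "enabled": enabled, "wan_reachable": wan_reachable}

# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = [
    {"host": "rtr-a", "model": "USR-G806", "firmware": "1.0.41", "default_password_changed": False,
     "services": [svc("web", True, True), svc("ssh", True, False), svc("telnet", True, True)]},
    {"host": "rtr-b", "model": "USR-G806", "firmware": "1.0.41", "default_password_changed": False,
     "services": [svc("web", True, False), svc("ssh", True, False), svc("telnet", False, False)]},
    {"host": "rtr-c", "model": "USR-G806", "firmware": "1.0.41", "default_password_changed": True,
     "services": [svc("web", True, False), svc("telnet", True, False)]},
    {"host": "sw-d", "model": "OTHER-SWITCH", "firmware": "2.3", "default_password_changed": False,
     "services": [svc("web", True, True)]},
]

if __name__ == "__main__":
    for severity, host, message in audit_inventory(SAMPLE_INVENTORY):
        print(f"{severity:8} {host:6} {message}")
```

The check is keyed on the inventory's own password-rotation flag rather than on firmware version, since the README notes that other products in the same series also ship a default password.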