search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Hard-coded credentials in Technicolor TG670 DSL gateway router

Vulnerability Note VU#913565

Original Release Date: 2023-07-11 | Last Revised: 2023-07-12

Overview

The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router.

Description

A hard-coded password refers to an unchangeable password that is stored within a device or an application. This type of password carries a significant risk as it can be exploited by malware or hackers to gain unauthorized access to devices and systems, enabling them to engage in malicious activities. In certain cases, a hard-coded account may possess administrative privileges, granting complete control over a device through an account that cannot be modified or deactivated.

Recently, it was uncovered that the Technicolor TG670 DSL Gateway Router with firmware version 10.5.N.9. contains more than one hard-coded service account. These particular accounts allow full administrative access to the device via the WAN interface. If Remote Administration is enabled, the device can be remotely accessed from an external network interface, such as the Internet. This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device.

Impact

A remote attacker can use the default username and password to login as the administrator to the router device. This allows the attacker to modify any of the administrative settings of the router and use it in unexpected ways. This requires Remote Administration is enabled on the router, which is the default settings as observed by the CODE WHITE security researcher Florian Hauser.

Solution

It is recommended that you check with your service provider for appropriate patches and updates are available to resolve the hard-coded credentials stored on the devices. As a precaution, it is also recommended that you disable Remote Administration (WAN side administration), when not needed to reduce the risk of abuse of this service account.

Acknowledgements

Thanks to Florian Hauser from CODE WHITE for reporting this vulnerability.

This document was written by Timur Snoke.

Vendor Information

913565
 
Expand all

Technicolor Unknown

Notified:  2023-02-20 Updated: 2023-07-11

CVE-2023-31808 Unknown

Vendor Statement

We have not received a statement from the vendor.


References

Other Information

CVE IDs: CVE-2023-31808
API URL: VINCE JSON | CSAF
Date Public: 2023-07-11
Date First Published: 2023-07-11
Date Last Updated: 2023-07-12 13:20 UTC
Document Revision: 2

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis