Use of hardcoded password (backdoor) in SDS 1202X-E - #VU16229
Published: December 4, 2018
SDS 1202X-E
Detailed vulnerability description
The vulnerability allows a remote attacker to gain full access to the affected system.
The vulnerability exists because the password hashes are hardcoded and are difficult to change: the “shadow” file is stored on a cramfs (intentionally read-only) file system. A remote unauthenticated attacker can connect as root to the oscilloscope via LAN when the Telnet service is listening on port 23.
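A firmware-review check for the condition described above, added here as an example and not taken from the advisory or the vendor: it lists shadow entries that can authenticate and records whether the file system they ship in is cramfs. It assumes the shadow file and the first bytes of the file system have already been extracted from a firmware image; the function names and the sample data are hypothetical and constructed.

```python
import struct

CRAMFS_MAGIC = 0x28CD3D45               # cramfs superblock magic
CRAMFS_SIGNATURE = b"Compressed ROMFS"  # at byte offset 16 of the superblock
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}

def is_cramfs(header: bytes) -> bool:
    """True if the bytes start with a cramfs superblock (either endianness)."""
    if len(header) < 32:
        return False
    magics = (struct.unpack("<I", header[:4])[0], struct.unpack(">I", header[:4])[0])
    return CRAMFS_MAGIC in magics and header[16:32] == CRAMFS_SIGNATURE

def loginable_accounts(shadow_text: str):
    """Return (user, scheme) for every shadow entry that can authenticate."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or line.startswith("#"):
            continue
        user, pw = fields[0], fields[1]
        if pw.startswith(("!", "*")):   # locked account or no valid hash
            continue
        if pw == "":
            scheme = "empty password"
        elif pw.startswith("$") and pw.count("$") >= 3:
            scheme = SCHEMES.get(pw.split("$")[1], "other crypt scheme")
        else:
            scheme = "legacy DES crypt"
        found.append((user, scheme))
    return found

def audit(shadow_text: str, fs_header: bytes):
    """Flag usable credentials and whether they ship inside a cramfs image."""
    on_cramfs = is_cramfs(fs_header)
    return [{"user": u, "scheme": s, "on_cramfs": on_cramfs}
            for u, s in loginable_accounts(shadow_text)]

# Constructed sample input, not taken from any real firmware image.
SAMPLE_SHADOW = """root:$1$EXAMPLE$constructedplaceholderhash:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
ftp:!:10933:0:99999:7:::
"""
SAMPLE_HEADER = struct.pack("<IIII", CRAMFS_MAGIC, 4096, 0, 0) + CRAMFS_SIGNATURE

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW, SAMPLE_HEADER):
        print(finding)
```

A finding with `on_cramfs` set means the credential cannot be rotated by editing the file on the device, so the practical controls are a vendor firmware update and keeping the Telnet service unreachable from untrusted networks.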