#VU16229 Use of hardcoded password (backdoor) in SDS 1202X-E


Published: 2018-12-04

Vulnerability identifier: #VU16229

Vulnerability risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-259

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SDS 1202X-E
Hardware solutions / Firmware

Vendor: Siglent Technology

Description

The vulnerability allows a remote attacker to gain full access to the affected system.

The vulnerability exists because the password hashes are hardcoded and are difficult to change: the “shadow” file is stored on a cramfs (intentionally read-only) file system. A remote unauthenticated attacker can connect to the oscilloscope as root over the LAN when the Telnet service is listening on port 23.
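
For firmware review, a check of this kind can be run over the “shadow” file from an unpacked image to flag accounts that ship with a usable password entry. This is an added example, not code from the advisory or the vendor; the sample file, account names and hash strings are constructed placeholders.

```python
"""Audit a shadow file taken from an unpacked firmware image (added example)."""

# Constructed sample; the hash strings are placeholders, not from any device.
SAMPLE_SHADOW = """\
root:$1$CONSTRUC$0123456789abcdefghijkl:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
ftp:!:10933:0:99999:7:::
guest::10933:0:99999:7:::
service:CONSTRUCTED13:10933:0:99999:7:::
"""

# crypt(3) identifiers mapped to scheme names.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}


def classify(field):
    """Return (login_possible, description) for a shadow password field."""
    if field == "":
        return True, "empty password"
    if field[0] in "!*":
        return False, "locked"
    if field.startswith("$"):
        ident = field.split("$")[1]
        return True, SCHEMES.get(ident, "unknown scheme $%s$" % ident)
    if len(field) == 13:
        return True, "descrypt"  # traditional 13-character DES crypt
    return False, "unrecognised field"


def audit_shadow(text):
    """List (user, description) for accounts with a baked-in usable credential."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue
        usable, desc = classify(parts[1])
        if usable:
            findings.append((parts[0], desc))
    return findings


if __name__ == "__main__":
    for user, desc in audit_shadow(SAMPLE_SHADOW):
        print("%-10s %s" % (user, desc))
```

Any account reported from a read-only image carries a credential that is identical on every unit running that firmware and cannot be rotated by the owner.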

Mitigation
Cybersecurity Help is currently unaware of any official solutions to address the vulnerability.

Vulnerable software versions

SDS 1202X-E: 5.1.3.13


External links
http://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

