#VU26285 Use of hard-coded credentials in Merit LILIN Ent. Co., Ltd. Hardware solutions


Published: 2020-03-21

Vulnerability identifier: #VU26285

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-798

Exploitation vector: Network

Exploit availability: No

Vulnerable software (Hardware solutions / Office equipment, IP-phones, print servers):
DHD516A
DHD508A
DHD504A
DHD316A
DHD308A
DHD304A
DHD204
DHD204A
DHD208
DHD208A
DHD216
DHD216A

Vendor: Merit LILIN Ent. Co., Ltd.

Description

The vulnerability allows a remote attacker to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Hard-coded accounts:

root/icatch99
report/8Jg0SR8K50

Note: this vulnerability has been actively exploited in the wild since August 2019.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

DHD516A: 2.0b1_20180828

DHD508A: 2.0b1_20180828

DHD504A: 2.0b1_20190417 - 2.0b1_20191202

DHD316A: 2.0b1_20171128 - 2.0b1_20180828

DHD308A: 2.0b1_20180828

DHD304A: 2.0b1_20180828

DHD204: 1.06_20151201

DHD204A: 2.0b60_20160223 - 2.0b60_20161123

DHD208: 2.0b60_20160504

DHD208A: 2.0b60_20160223 - 2.0b60_20161123

DHD216: 2.0b60_20151111

DHD216A: 2.0b60_20160223 - 2.0b60_20161123


External links
http://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/
http://www.meritlilin.com/tw/support/file/type/Firmware
http://www.meritlilin.com/assets/uploads/support/file/M00158-TW.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

