Hardcoded Accounts Allow Full Takeover of Technicolor Routers

Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.

A broadband router for small offices and home offices, the Technicolor TG670 router allows administrators to authenticate over HTTP, SSH, or Telnet.

With the remote management functionality enabled, users gain complete administrative control over the router, a design that is not uncommon for SOHO routers.

According to a CERT/CC advisory, however, Technicolor TG670 DSL gateway routers running firmware version 10.5.N.9 contain multiple hardcoded service accounts that provide full administrative access to the device over the WAN.

On impacted devices with the remote administration feature enabled, CERT/CC says, access is also possible from external network interfaces, such as the internet.

“This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device,” the CERT/CC advisory reads.

An attacker with knowledge of the default username and password for a hardcoded account can authenticate remotely and then “modify any of the administrative settings of the router and use it in unexpected ways,” CERT/CC notes.

The remote administration function is enabled by default on the impacted routers, says Code White security researcher Florian Hauser, who identified the hardcoded accounts.

Technicolor TG670 DSL gateway router users are advised to disable remote administration on their devices to prevent potential exploitation attempts.

They are also encouraged to check with their service providers for the availability of security updates that address this vulnerability, which is tracked as CVE-2023-31808.

However, CERT/CC notes that Technicolor has not responded to its attempts to establish a communication channel, and it is unclear whether patches that address the hardcoded credentials were released.

SecurityWeek has emailed Technicolor for a statement on the matter and will update this article as soon as a reply arrives.

https://www.securityweek.com/hardcoded-accounts-allow-full-takeover-of-technicolor-routers/