Hardcoded Accounts Allow Full Takeover of Technicolor Routers

Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices.

Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.

A broadband router for small offices and home offices, the Technicolor TG670 router allows administrators to authenticate over HTTP, SSH, or Telnet.

With the remote management functionality enabled, users gain complete administrative control over the router, which is not uncommon for SOHO routers.

According to a CERT/CC advisory, however, Technicolor TG670 DSL gateway routers running firmware version 10.5.N.9 contain multiple hardcoded service accounts that provide full administrative access to the device over the WAN.

On impacted devices with the remote administration feature enabled, CERT/CC says, access is also possible from external network interfaces, such as the internet.

“This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device,” the CERT/CC advisory reads.

An attacker with knowledge of the default username and password for a hardcoded account can authenticate remotely and then “modify any of the administrative settings of the router and use it in unexpected ways,” CERT/CC notes.

The remote administration function is enabled by default on the impacted routers, Code White security researcher Florian Hauser, who identified the hardcoded accounts, says.

Technicolor TG670 DSL gateway router users are advised to disable remote administration on their devices, to prevent potential exploitation attempts.

They are also encouraged to check with their service providers for the availability of security updates that address this vulnerability, which is tracked as CVE-2023-31808.

However, CERT/CC notes that Technicolor has not responded to its attempts to establish a communication channel, and it is unclear whether patches that address the hardcoded credentials were released.

SecurityWeek has emailed Technicolor for a statement on the matter and will update this article as soon as a reply arrives.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
