SecurityWeek

Hardcoded Accounts Allow Full Takeover of Technicolor Routers

Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices.

Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.

A broadband router for small offices and home offices, the Technicolor TG670 router allows administrators to authenticate over HTTP, SSH, or Telnet.

With the remote management functionality enabled, users gain complete administrative control over the router, which is not uncommon for SOHO routers.

According to a CERT/CC advisory, however, Technicolor TG670 DSL gateway routers running firmware version 10.5.N.9 contain multiple hardcoded service accounts that provide full administrative access to the device over WAN.

On impacted devices with the remote administration feature enabled, CERT/CC says, access is also possible from external network interfaces, such as the internet.

“This account seems to have full administrative access to modify the device settings. Additionally, it appears that this account is not documented and cannot be disabled or removed from the device,” the CERT/CC advisory reads.

An attacker with knowledge of the default username and password for a hardcoded account can authenticate remotely and then “modify any of the administrative settings of the router and use it in unexpected ways”, CERT/CC notes.

The remote administration function is enabled by default on the impacted routers, Code White security researcher Florian Hauser, who identified the hardcoded accounts, says.

Technicolor TG670 DSL gateway router users are advised to disable remote administration on their devices, to prevent potential exploitation attempts.

They are also encouraged to check with their service providers for the availability of security updates that address this vulnerability, which is tracked as CVE-2023-31808.

However, CERT/CC notes that Technicolor has not responded to its attempts to establish a communication channel, and it is unclear whether patches that address the hardcoded credentials were released.

SecurityWeek has emailed Technicolor for a statement on the matter and will update this article as soon as a reply arrives.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
