Title: An access control vulnerability in Hame SD1 Wi-Fi
Vendor of the product(s): HAME
Product: Hame SD1 Wi-Fi Product
Version: V. 20140224154640
Vulnerability information:
A broken access control vulnerability (weak password) in the HAME SD1 Wi-Fi, firmware version <=v.20140224154640, allows an attacker to easily brute-force the telnet service login and obtain system administrator privileges.
According to OWASP IoT TOP 10 2018:
No. 1: Weak, Guessable, or Hardcoded Passwords. Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.
PoC:
Using Nmap to scan the target device, the telnet service was found to be open (port 23).
Using Hydra, a brute-force attack was performed to obtain the login account and password (weak password).
Logging in via telnet with that account and password gave system administrator privileges.
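
A defender-side view of the PoC sequence, as an added example that is not part of the original advisory: it flags a burst of short telnet (port 23) connections from one source and records whether a long-lived session follows the burst. The flow-record layout, the thresholds and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

TELNET_PORT = 23

def sample_flows():
    """Constructed flow records: (epoch_s, src, dst, dst_port, duration_s)."""
    flows = [(1000 + 3 * i, "192.0.2.50", "192.0.2.1", 23, 1.5) for i in range(12)]
    flows.append((1040, "192.0.2.50", "192.0.2.1", 23, 240.0))  # session that stayed up
    flows.append((1005, "192.0.2.77", "192.0.2.1", 23, 90.0))   # single session, no burst
    flows.append((1010, "192.0.2.50", "192.0.2.1", 80, 0.4))    # not telnet, ignored
    return flows

def detect_telnet_bruteforce(flows, window=60, threshold=10, short_s=5.0, long_s=30.0):
    """Flag (src, dst) pairs with >= threshold short telnet connections inside
    `window` seconds, and record whether a long session followed the burst.
    All four thresholds are assumed values to tune per network."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps of recent short attempts
    findings = {}
    for ts, src, dst, dport, dur in sorted(flows):
        if dport != TELNET_PORT:
            continue
        key = (src, dst)
        attempts = recent[key]
        while attempts and ts - attempts[0] > window:
            attempts.popleft()            # drop attempts older than the window
        if dur < short_s:
            attempts.append(ts)           # short connection: likely a rejected login
            if len(attempts) >= threshold:
                hit = findings.setdefault(
                    key, {"src": src, "dst": dst, "attempts": 0, "session_after": False})
                hit["attempts"] = max(hit["attempts"], len(attempts))
        elif dur >= long_s and key in findings and attempts:
            # Long-lived session right after a burst: a guess probably succeeded.
            findings[key]["session_after"] = True
    return list(findings.values())

if __name__ == "__main__":
    for hit in detect_telnet_bruteforce(sample_flows()):
        print(hit)
```

A client that tries several passwords per connection produces fewer, longer connections, so the duration and count thresholds need tuning against real traffic.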