Thursday, April 22, 2021

[CVE-2021-26797] An access control vulnerability in Hame SD1 Wi-Fi

Title: An access control vulnerability in Hame SD1 Wi-Fi

Vendor of the product(s): HAME

Product: Hame SD1 Wi-Fi Product

Version: V. 20140224154640

Vulnerability information: 

A broken access control vulnerability (weak password) in the HAME SD1 Wi-Fi, firmware version <= v.20140224154640, allows an attacker to easily brute-force the telnet service login and obtain system administrator privileges.

According to OWASP IoT TOP 10 2018: 

No. 1: Weak, Guessable, or Hardcoded Passwords. Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.

PoC:

An Nmap scan of the target device showed that the telnet service was open (port 23).










A Hydra brute-force attack against the telnet service recovered the login account and password (a weak password).






Logging in via telnet with the above account and password to obtain system administrator privileges.
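
A defender-side check for the exposure described above, as an added example that is not part of the original post: it reads Nmap XML output (`-oX`) from a scan of your own network and lists the hosts with a reachable telnet service. The sample report and its addresses are constructed, and `telnet_exposures` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output; addresses are from a documentation range.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="filtered"/><service name="telnet"/></port>
      <port protocol="tcp" portid="2323"><state state="open"/><service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>"""


def telnet_exposures(nmap_xml):
    """Return sorted (address, port) pairs where a telnet service is open.

    A port counts when its state is "open" and it is either TCP/23 or
    identified by Nmap as telnet on a non-standard port.
    """
    findings = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        address = host.find("address")
        addr = address.get("addr") if address is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            is_open = state is not None and state.get("state") == "open"
            name = service.get("name") if service is not None else ""
            portid = int(port.get("portid"))
            if is_open and port.get("protocol") == "tcp" and (portid == 23 or name == "telnet"):
                findings.append((addr, portid))
    return sorted(findings)


if __name__ == "__main__":
    for addr, portid in telnet_exposures(SAMPLE_XML):
        print(f"{addr}: telnet reachable on tcp/{portid}")
```

Any device this reports should have telnet disabled or filtered at the network edge, since this advisory shows the service protected only by a weak password.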




