Submit #185321: RoomCast TA-2400 - CVE-2023-33744 - Use of Hard-coded Password

Title: RoomCast TA-2400 - CVE-2023-33744 - Use of Hard-coded Password
Description: CVE-2023-33744: Use of hard-coded password in Roomcast.apk in TeleAdapt RoomCast TA-2400 1.0.0 and later allows a local user to authenticate via management mode.

Vulnerability Type: CWE-259: Use of Hard-coded Password

Vulnerability Description: The RoomCast application has three distinct management modes: Hotel mode, Admin mode, and Engineering mode. The passwords for all three management portals are publicly available and documented as part of the RoomCast documentation, and the owners of the device have no ability to change them. Of the three modes, Engineering mode has the greatest impact: it allows modifications to the Android component and the initiation of a terminal session on the Android node.

Device: RoomCast TA-2400
Software: Roomcast.apk
RoomCast Component: Android OS
CVSS Base Score: Medium Risk - 5.9
CVSS Temporal Score: Medium Risk - 5.8
CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:U/RC:C

Proof of Concept

In this section, we present a detailed proof of concept (PoC) to illustrate the identified vulnerability within the RoomCast TA-2400 device. The PoC provides step-by-step instructions for identifying the vulnerability and successfully exploiting it.

1. In the RoomCast graphical user interface, navigate to the About/Feedback page using the RoomCast-provided remote.
2. Enter the combination of feedback levels (outlined below) to enter the different management modes.
   - Hotel management mode: select the feedback levels "Struggled", "Struggled". Enter the password/PIN: 385521
   - Admin management mode: select the feedback levels "Struggled", "Struggled". Enter the password/PIN: 843646
   - Engineering management mode: select the feedback levels "Not Cool", "Whatever", "Love It". Enter the password/PIN: 592671

Following these recreation steps will give access to the respective management modes within the RoomCast device, allowing use of the associated functionalities and features.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33744
User: jTag Labs (ID 51246)
Submission: 07/21/2023 03:37
Moderation: 07/28/2023 07:09 (7 days later)
Status: Duplicate
VulDB Entry: 235620
