| Title | Ziroom Smart Smart Gateway ZH-A0101 ZH-A0101 1.0.1.0 Credentials Management |
|---|
| Description | The Ziroom Smart Gateway (model ZH-A0101, firmware x.x.x.x released 2020-04-15) enables Dropbear SSH service by default on non-standard port 1022 (instead of common port 22). The UCI configuration (/etc/config/dropbear) has RootLogin=1, RootPasswordAuth=1, and PasswordAuth=1, allowing root login with weak or default credentials (e.g., root/admin or blank password).An attacker can connect via SSH to port 1022 with default credentials, gaining root shell access. This leads to pre-authentication remote code execution (RCE), configuration changes, data exfiltration, or persistence.Although SSH can be disabled via UCI (set dropbear.@dropbear[0].enable='0'), the factory default exposes it on a hidden port, increasing stealth attack risk. |
|---|
| Source | ⚠️ https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md |
|---|
| User | xxyNB (UID 94808) |
|---|
| Submission | 01/23/2026 11:47 AM (2 months ago) |
|---|
| Moderation | 02/03/2026 01:53 PM (11 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 343976 [Ziroom ZHOME A0101 1.0.1.0 Dropbear SSH Service default credentials] |
|---|
| Points | 0 |
|---|