제출 #185321: RoomCast TA-2400 - CVE-2023-33744 - Use of Hard-coded Password정보

제목	RoomCast TA-2400 - CVE-2023-33744 - Use of Hard-coded Password
설명	CVE—2023-33744: USE OF HARD-CODED PASSWORD in ROOMCAST.APK in TELEADAPT ROOMCAST TA-2400 1.0.0 AND LATER allows LOCAL to AUTHENTICATE via MANAGEMENT MODE Vulnerabilty Type: CWE-259: Use of Hard-coded Password Vulnerabilty Description: The RoomCast application encompasses three distinct management modes: Hotel mode, Admin mode, and Engineering mode. Notably, the passwords for all three management portals are publicly available and documented as part of the RoomCast documentation. It is important to note that the owners of the device do not have the ability to modify these passwords. Among the three modes, the Engineering mode holds the greatest impact. This powerful mode allows for modifications to be made to the Android component, as well as the initiation of a terminal session on the Android node. Device: RoomCast TA-2400 Software: Roomcast.apk RoomCast Component: Android OS CVSS Base Score: Medium Risk - 5.9 CVSS Temporal Score: Medium Risk - 5.8 CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:U/RC:C Proof of Concept In this section, we present a detailed proof of concept (PoC) to illustrate the identified vulnerability within the RoomCast TA-2400 device. The PoC provides step-by-step instructions for identifying the vulnerability and successfully exploiting it. 1. In the RoomCast graphical user interface navigate to the About/Feedback page using the RoomCast provided remote. 2. Enter in the combination of feedback levels (outlined below) to enter the different management modes. Connect to the Hotel management mode; Select the feedback level “Struggled”, “Struggled”. Enter the password/PIN: 385521 Connect to the Admin management mode; Select the feedback level “Struggled”, “Struggled”. Enter the password/PIN: 843646 Connect to the Engineering management mode; Select the feedback level “Not Cool”, “Whatever”, “Love It”. Enter the password/PIN: 592671 Following these recreation steps will enable you to access the respective management modes within the RoomCast device, allowing you to utilize the associated functionalities and features.
원천	⚠️ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33744
사용자	jTag Labs (UID 51246)
제출	2023. 07. 21. AM 03:37 (3 연령 ago)
모더레이션	2023. 07. 28. AM 07:09 (7 days later)
상태	수락
VulDB 항목	235620 [TeleAdapt RoomCast TA-2400 까지 3.1 Roomcast Application Roomcast.apk 약한 인증]
포인트들	20

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!