| 标题 | Ziroom Smart Ziroom Smart Gateway (ZH-A0101) ZH-A0101 1.0.1.0 Backdoor |
|---|
| 描述 | The Ziroom Smart Gateway (model ZH-A0101) contains a factory-default Telnet backdoor listening on port 23 (or non-standard port 1022 in some scans). It uses weak/hardcoded default credentials (e.g., username: root/admin, password: admin or empty) granting full root shell access remotely.
The backdoor is enabled via a hard-coded startup script (/etc/init.d/telnet) that launches /usr/sbin/telnetd -l /bin/login.sh on boot, restoring default root access even after modifications.
This allows unauthenticated or weakly authenticated remote code execution with root privileges, leading to full device compromise and persistent backdoor access.
Affected: Confirmed on firmware x.x.x.x (released 2020-04-15). Potentially earlier versions.
Reference: Manufacturer download center https://ziruai.cn/
Disclosure: Discovered and publicly disclosed 2026-01-23. File system extracted via UART shell. |
|---|
| 来源 | ⚠️ https://github.com/Blackhole23-Lab/- |
|---|
| 用户 | xxyNB (UID 94808) |
|---|
| 提交 | 2026-01-23 10時23分 (5 月前) |
|---|
| 管理 | 2026-02-03 13時53分 (11 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 343976 [Ziroom ZHOME A0101 1.0.1.0 Dropbear SSH Service 远程代码执行] |
|---|
| 积分 | 20 |
|---|