Tagsbackdoor, Germany, hacking, security, VOIP
Super secure VPN
Minimal data logging
On December 20th, it was reported that a backdoor was found in the network of a US Federal Agency. Now, RedTeam Pentesting researchers have identified multiple backdoors in a commonly used VoIP (voice over Internet protocol) appliance made by the German telecom hardware manufacturer Auerswald.
SEE: German audio tech giant Sennheiser exposed 55GB of users’ data
The backdoors were detected during penetration testing, and according to RedTeam Pentesting’s researchers, attackers can quickly obtain full administrative access to the devices.
In their technical analysis report published on Monday, RedTeam Pentesting researchers revealed that they discovered two backdoor passwords in the firmware of the COMpact 5500R PBX. One backdoor password was for the “solution user ‘Schandelah’,” and the other was used for the “optimum-privileged user’ admin.’”
“It turns out that Schandelah is the name of a tiny village in northern Germany where Auerswald produces their devices,” the report read.
However, researchers noted that they could not identify any way to disable the backdoors. The vulnerability is tracked as CVE-2021-40859 and assigned a CVSS score of 9.8.
For your information, PBX refers to Private Branch Exchange. It is a switching system, which serves as a private organization and is used to control/establish telephone calls between different telecom endpoints, such as traditional telephone sets, public switched telephone network destinations, and VoIP networks services and devices.
RedTeam Pentesting informed Auerswald on September 10, 2021, following a responsible disclosure practice. The German manufacturer fixed the issue in a firmware update released in November 2021. The company urges users to upgrade to the new version to stay protected.
“Firmware Update 8.2B contains important security updates that you should definitely apply, even if you don’t need the advanced features,” the company stated.
An attacker simply needs to generate the password from Schandelah’s username to obtain the serial number of the PBX. This information can be retrieved using any unauthenticated endpoint, and the attacker can easily access a web interface that lets them reset the administrator password.
Researchers identified that a fallback password is derived using the MD5 Hash algorithm for the second backdoors associated with the username Admin.
SEE: Bandwidth.com is the latest victim of nonstop DDoS attacks against VoIP
However, the difference between both backdoors is that the latter uses a two-letter country code that is suffixed to a concatenated string before creating the MD5 hash. This password also provides full privilege access to the PBX without changing the password.
“Using the backdoor, attackers are granted access to the PBX with the highest privileges, enabling them to completely compromise the device. The backdoor passwords are not documented. They secretly coexist with a documented password recovery function supported by the vendor,” researchers explained.
Did you enjoy reading this article? Like our page onFacebookand follow us on Twitter.
Get the best stories straight into your inbox!
Don’t worry, we don’t spam
App Store Google News
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.