Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root
Title: Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root
Advisory ID: ZSL-2020-5603
Type: Local/Remote
Impact: System Access, DoS
Risk: (5/5)
Release Date: 26.10.2020
Summary
Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions.
Description
The devices utilize hard-coded and default credentials within their Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in with the default credentials to access the web interface or to gain shell access as root.
Vendor
Adtec Digital, Inc. - https://www.adtecdigital.com
Affected Version
SignEdje Digital Signage Player v2.08.28
mediaHUB HD-Pro High & Standard Definition MPEG2 Encoder v3.07.19
afiniti Multi-Carrier Platform v1905_11
EN-31 Dual Channel DSNG Encoder / Modulator v2.01.15
EN-210 Multi-CODEC 10-bit Encoder / Modulator v3.00.29
EN-200 1080p AVC Low Latency Encoder / Modulator v3.00.29
ED-71 10-bit / 1080p Integrated Receiver Decoder v2.02.24
edje-5110 Standard Definition MPEG2 Encoder v1.02.05
edje-4111 HD Digital Media Player v2.07.09
Soloist HD-Pro Broadcast Decoder v2.07.09
adManage Traffic & Media Management Application v2.5.4
Tested On
GNU/Linux 4.1.8 (armv7l)
GNU/Linux 3.12.38 (PowerPC)
GNU/Linux 2.6.14 (PowerPC)
Adtec Embedded Linux 0.9 (fido) Apache
Vendor Status
[24.07.2020] Vulnerability discovered.
[12.10.2020] Vendor contacted.
[25.10.2020] No response from the vendor.
[26.10.2020] Public security advisory released.
PoC
adtec_hardcoded.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/48954
[2] https://packetstormsecurity.com/files/159709
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/190628
Changelog
[26.10.2020] - Initial release
[04.11.2020] - Added reference [1], [2] and [3]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk