Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
Cybersecurity researchers with Vulnerability Lab have uncovered two security vulnerabilities in Imperial Dabman IoT radios that could enable attackers to gain control over more than a million devices and use them to plant malware, enslave them into a botnet, and retrieve sensitive data including the Wi-Fi password of the network the device is connected to.
The most critical vulnerability, tracked as CVE-2019-13473, describes the existence of an undocumented, persistent and weakly secured Telnet service that connects to Port 23 of the device. The service is “secured” by means of a hardcoded password, which is “password.” Accessing this service provides attackers with root privileges on the device. A second flaw, tracked as CVE-2019-13474), can enable attackers to execute unauthorized commands on impacted radios.