The CERT Coordination Center (CERT/CC) reported that multiple hardcoded credentials in the Technicolor TG670 DSL gateway router allow hackers to completely take over the devices. The TG670 router is designed for homes and small offices, and allows administrators to authenticate via HTTP, SSH, or Telnet.
The vulnerability specifically impacts Technicolor TG670 DSL routers running firmware version 10.5.N.9. When the remote administration feature is enabled, users from external networks can gain full administrative access to the device. If attackers know the default username and password they can remotely modify the administrative settings of the router. To mitigate exposure to the vulnerability, tagged CVE-2023-31808, users are advised to disable the remote administrative function on these devices.
Read More: