Adtec Digital SignEdje Digital Signage Player
- 2.08.28
A vulnerability exists in multiple Adtec Digital products, including the SignEdje Digital Signage Player version 2.08.28, due to hardcoded default credentials embedded in the Linux distribution of these devices. This vulnerability allows unauthenticated remote access via web, telnet, and SSH interfaces. Exploitation of this flaw enables attackers to gain root-level access and execute system commands. The issue affects various Adtec Digital products, including encoders, decoders, and a media management application.
Exploitation of this vulnerability leads to unauthorized root access, allowing attackers to execute arbitrary system commands. Additionally, according to Zero Science Lab, this vulnerability could cause a denial-of-service.
The vulnerability can be reproduced by logging into the affected device using the default credentials via SSH or Telnet. Once logged in, the 'id' command can be executed to confirm root access. The default credentials for SSH access are 'root1' with the password '1root!'. The Telnet API also accepts the 'adtec' username with 'none' as the password, which can be used to execute commands such as 'cat /etc/passwd' to demonstrate access.
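A detection-side view of the reproduction step above, as an added example that is not part of the original advisory: it scans OpenSSH `sshd` syslog lines for password logins that name the two default accounts and ranks sources with an accepted login first. The log source (OpenSSH syslog format), the sample lines, the hostname and the function names are assumptions; logging for the Telnet API is not covered.

```python
import re
from collections import defaultdict

# Account names taken from the advisory text above.
DEFAULT_ACCOUNTS = {"root1", "adtec"}

# OpenSSH sshd syslog messages (assumed log source for this example).
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 signedje sshd[812]: Failed password for root from 198.51.100.7 port 40112 ssh2
Mar  3 10:15:04 signedje sshd[812]: Failed password for root1 from 198.51.100.7 port 40112 ssh2
Mar  3 10:15:09 signedje sshd[815]: Accepted password for root1 from 198.51.100.7 port 40120 ssh2
Mar  3 11:02:44 signedje sshd[901]: Accepted password for operator from 192.0.2.10 port 51822 ssh2
Mar  3 11:30:12 signedje sshd[950]: Failed password for invalid user adtec from 203.0.113.9 port 33010 ssh2
"""

def find_default_account_logins(log_text, accounts=DEFAULT_ACCOUNTS):
    """Return {source_ip: {"accepted": [users], "failed": [users]}} for
    every password login event that names a default account."""
    hits = defaultdict(lambda: {"accepted": [], "failed": []})
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m or m.group("user") not in accounts:
            continue
        key = "accepted" if m.group("result") == "Accepted" else "failed"
        hits[m.group("src")][key].append(m.group("user"))
    return dict(hits)

def triage(hits):
    """Order sources so those with an accepted default-account login come first."""
    return sorted(hits, key=lambda src: (not hits[src]["accepted"], src))

if __name__ == "__main__":
    hits = find_default_account_logins(SAMPLE_LOG)
    for src in triage(hits):
        ev = hits[src]
        level = "CRITICAL" if ev["accepted"] else "warning"
        print(f"{level}: {src} accepted={ev['accepted']} failed={ev['failed']}")
```

An accepted password login for either account means the hardcoded credentials are still live on that device; failed attempts naming them show the defaults being tried.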