ALLNET ALL-RUT22GW Hard-Coded Credential Vulnerability

A vulnerability exists in the ALLNET ALL-RUT22GW 4G LTE cellular router, specifically in version 3.3.8. The issue arises from hard-coded credentials embedded within the libicos.so library, which grant unauthorized access to the device's web management interface. This access could allow attackers to alter device settings and gain full control over the router.

Impact

Exploitation of this vulnerability provides unauthorized users with access to the router's web management panel, allowing them to change settings and potentially take complete control of the device.

Reproduction

The vulnerability can be reproduced by logging into the router's management panel using the hard-coded credentials. The username 'iwu@fbt&ND' and the password 'wut@uty&2210' can be used to gain 'system' access, the highest level of privilege on the device.