Jumo VariTRON Series Password Vulnerability in Debug Interface Allows Root Access

Vulnerability

A vulnerability exists in the password generation algorithm of Jumo VariTRON series devices, specifically in the debug interface. The issue arises because the pseudo-random number generator (PRNG) is seeded with the current Unix timestamp, making the generated passwords predictable. An unauthenticated local attacker who knows the password generation timeframe could potentially brute-force the password and gain root access to the device. This vulnerability is present in the VariTRON300, VariTRON500, and VariTRON500 touch models, all running firmware versions prior to 9.0.2.5. The impact is somewhat limited, as the debug interface must be manually enabled by an authorized user and is automatically disabled after the device is rebooted.
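The weakness class described above, as an added example that is not Jumo's code: a time-seeded generator next to a CSPRNG-based one, with the entropy each actually provides. The alphabet, the password length, and the use of Python's `random` module as a stand-in PRNG are assumptions; the device's real algorithm is not given on this page.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed character set
LENGTH = 12                                       # assumed password length


def weak_password(unix_time: int) -> str:
    """Weak pattern: the only secret input is the second of generation."""
    rng = random.Random(unix_time)  # stand-in for a time-seeded PRNG
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened pattern: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def effective_bits_time_seeded(window_seconds: int) -> float:
    """Entropy left when the generation time is known to within a window."""
    return math.log2(window_seconds)


def nominal_bits() -> float:
    """Entropy of LENGTH independent, uniform characters from ALPHABET."""
    return LENGTH * math.log2(len(ALPHABET))


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp, not taken from the advisory
    # Determinism: the same second always yields the same password.
    print("same seed, same password:", weak_password(t) == weak_password(t))
    windows = [("1 hour", 3600), ("1 day", 86_400), ("1 year", 31_536_000)]
    for label, seconds in windows:
        bits = effective_bits_time_seeded(seconds)
        print(f"time-seeded, window of {label}: {bits:.1f} bits")
    print(f"CSPRNG, {LENGTH} characters: {nominal_bits():.1f} bits")
```

However long or complex the time-seeded password looks, its strength is capped by the number of seconds in the window in which it could have been generated.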

Impact

Exploitation of this vulnerability allows unauthorized root access to the device via the UART and SSH interfaces.

Remediation

Users can update to version 9.0.2.5 to address this vulnerability. Additionally, the debug interface can be disabled to prevent unauthorized root access via SSH; this interface is automatically deactivated after a device reboot.

Added: Nov 10, 2025, 8:17 AM
Updated: Nov 10, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.3
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.