Shenzhen Tuoshi NR500-EA SSH Service Vulnerability with Hard-Coded Root Account
Vulnerability
A vulnerability exists in Shenzhen Tuoshi NR500-EA devices running firmware RG500UEAABxCOMSLICv3.4.2731.16.43. The SSH service is enabled by default, and there is a hidden hard-coded root account that cannot be disabled through the graphical user interface. This vulnerability allows remote access to the device with root privileges.
Impact
Exploitation of this vulnerability allows remote access to the device via SSH with root privileges, using hard-coded credentials. This could lead to unauthorized modifications, potential execution of malicious commands, and complete control over the device.
Added: Aug 13, 2025, 8:30 PM
Updated: Aug 13, 2025, 8:30 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.1
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
