Ziroom ZHOME A0101 Dropbear SSH Service Default Credentials Vulnerability

A vulnerability exists in the Ziroom ZHOME A0101 model, specifically in version 1.0.1.0, within the Dropbear SSH service. This vulnerability allows remote access using default credentials. The issue arises because the device's SSH service is enabled by default on a non-standard port (1022), with root login permitted through weak or hardcoded passwords. The vulnerability is considered to have a high attack complexity, although a public exploit is available.

Impact

Exploitation of this vulnerability leads to unauthorized root access via SSH, allowing full control over the device. This access is persistent, as the backdoor is re-established after each reboot.

Reproduction

The vulnerability can be reproduced by connecting to the device's SSH service on port 1022 using default credentials, such as 'root' for the username and 'admin' or a blank password. Once connected, root privileges can be used to execute commands, modify configurations, or access sensitive data.