Beetel 777VR1 SSH Service Cryptographic Vulnerability

A vulnerability exists in the SSH service of the Beetel 777VR1 broadband router, affecting firmware versions through 01.00.09. The issue arises from the use of outdated SSH protocols and cryptographically broken algorithms, which lead to weak encryption. The router's SSH daemon identifies itself as SSH_0.48, an obsolete version that supports only deprecated and insecure key exchange methods, host key algorithms, and ciphers. This vulnerability allows remote attackers to intercept SSH credentials, decrypt traffic, and conduct man-in-the-middle attacks, exploiting the lack of modern cryptographic protections.

Impact

The vulnerability allows for the interception of SSH authentication credentials, decryption of SSH traffic, and execution of man-in-the-middle attacks against management sessions. These actions compromise the integrity of the SSH connection and increase the risk of full administrative access to the device.

Reproduction

The vulnerability can be reproduced by connecting to the router's SSH service, which is exposed to both LAN and WAN. During the SSH handshake, the outdated and insecure cryptographic algorithms can be observed, confirming the vulnerability.

Remediation

Users are advised to remove the obsolete SSH implementation entirely and upgrade to a modern, maintained SSH server. Deprecated algorithms such as 'diffie-hellman-group1-sha1', 'ssh-rsa' with SHA-1, and '3des-cbc' should be disabled. Instead, modern cryptographic standards should be enforced, including strong key exchange methods, secure ciphers, and updated host key algorithms. Additionally, implementing secure credential policies and key-based authentication is recommended.