CVE-2020-24053

Vulnerability

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units contain undocumented hardcoded credentials that allow access via FTP, Telnet, and SSH [1]. These cameras run a Unix-based operating system. The hardcoded credentials are present in the firmware and can be discovered through reverse engineering or by analyzing the device's filesystem. The vulnerability affects the specific models mentioned and likely other versions in the EXO series as noted in the advisory [1].

Exploitation

An attacker with network access to the target device can authenticate using the hardcoded credentials without any additional authentication bypass. No user interaction is required. The protocols affected—FTP, Telnet, and SSH—each provide a different interface, but all rely on the same set of hardcoded usernames and passwords [1]. The attacker simply connects to the appropriate port and supplies the known credentials.

Impact

Successful exploitation leads to a confidentiality impact, as the attacker can log in to the device via FTP, Telnet, or SSH [1]. Depending on the service used, the attacker may gain shell access or be able to transfer files. The hardcoded credentials grant privileged access, potentially allowing full control over the camera's operating system. Information disclosure is the primary risk, but further compromise could lead to arbitrary command execution as root via other related vulnerabilities [1].

Mitigation

Moog has released a firmware update that removes the hardcoded credentials; users should apply the latest version provided by the vendor [1]. As a workaround, disabling unused services (FTP, Telnet, SSH) and restricting network access to the device via firewall rules can reduce exposure. The advisory notes that the affected units may be at end-of-life, in which case replacement is recommended [1].