VYPR
Unrated severity · NVD Advisory · Published Oct 25, 2022 · Updated Apr 15, 2025

CVE-2022-29889

Description

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A hard-coded root password in Abode iota All-In-One Security Kit 6.9Z enables remote attackers to execute arbitrary commands via telnet.

Vulnerability

The Abode iota All-In-One Security Kit firmware version 6.9Z exposes a telnet service on TCP port 55023 with a hard-coded root password. The password is derived from the device's MAC address using a predictable algorithm, as described in the Talos report [1]. This vulnerability is classified as CWE-798 (Use of Hard-coded Credentials).

Exploitation

An attacker who can reach the telnet service on port 55023 can authenticate as root using a password calculated from the device's MAC address. The derivation process is easily repeatable and can be performed off-device, allowing remote exploitation without prior authentication or user interaction [1].

Impact

Successful authentication grants the attacker root-level access to the device, enabling arbitrary command execution. This can lead to full compromise of the iota gateway, including data exfiltration, manipulation of security alerts, and potential pivot to other network devices [1].

Mitigation

As of the publication date (2022-10-25), no firmware update has been released to address this vulnerability. Users are advised to disable telnet access if possible, restrict network access to the device, or monitor for vendor updates [1].
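
To support the advice above to restrict network access, here is an added example (not part of the advisory or the Talos report) that scans connection-log lines for TCP flows to port 55023 on the device from outside an allowed management subnet. The log format, device address and subnet are constructed assumptions; adapt the parser to your firewall's or flow collector's actual output.

```python
import ipaddress

TELNET_PORT = 55023  # telnet port named in the advisory text above

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2022-10-26T08:14:02Z 192.0.2.10 192.0.2.50 55023 ALLOW
2022-10-26T08:15:40Z 198.51.100.7 192.0.2.50 55023 ALLOW
2022-10-26T08:16:11Z 198.51.100.7 192.0.2.50 443 ALLOW
2022-10-26T08:17:55Z 203.0.113.99 192.0.2.50 55023 DENY
malformed line here
2022-10-26T08:19:03Z 192.0.2.10 192.0.2.51 55023 ALLOW
"""

def find_telnet_exposure(log_text, device_ips, allowed_nets):
    """Return (allowed_hits, blocked_hits): flows to a device's telnet port
    from sources outside allowed_nets. Unparseable lines are skipped."""
    devices = {ipaddress.ip_address(d) for d in device_ips}
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    allowed_hits, blocked_hits = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if dst_ip not in devices or port != TELNET_PORT:
            continue
        if any(src_ip in net for net in nets):
            continue  # expected management traffic
        record = (ts, src, dst)
        if action.upper() == "ALLOW":
            allowed_hits.append(record)   # filtering gap: traffic reached the port
        else:
            blocked_hits.append(record)   # filtered, but still worth reviewing
    return allowed_hits, blocked_hits

if __name__ == "__main__":
    reached, dropped = find_telnet_exposure(
        SAMPLE_LOG, ["192.0.2.50"], ["192.0.2.0/28"])
    for ts, src, dst in reached:
        print(f"ALERT  {ts} {src} -> {dst}:{TELNET_PORT} was allowed")
    for ts, src, dst in dropped:
        print(f"notice {ts} {src} -> {dst}:{TELNET_PORT} was blocked")
```

Any entry in the first list means the port is reachable from outside the management range and the filtering rule needs tightening.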

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
