CVE-2022-36560

Vulnerability

Seiko SkyBridge MB-A200 routers running firmware version v01.00.04 and below contain multiple hard-coded passcodes for the root user. These passcodes are stored in plaintext in the files /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh [1]. No authentication or special privileges are required to read these files if an attacker can access the device's filesystem.

Exploitation

An attacker with network access to the device can retrieve the hard-coded root passcodes by reading the aforementioned configuration files. If the device's web interface or SSH service is exposed, the attacker can then use the obtained passcodes to log in as root, gaining full administrative access.

Impact

Successful exploitation allows an attacker to gain root-level access to the affected router. This compromises the confidentiality, integrity, and availability of the device and any connected network resources. The attacker can modify device settings, intercept traffic, or use the device as a pivot for further attacks.

Mitigation

Seiko has released a firmware update to address this issue; users should upgrade to the latest version available from the vendor's support page [1]. As a workaround, restrict network access to the device and ensure that configuration files are not readable by unprivileged users.