China Unicom TEWA-800G debug log file

Vulnerability

The vulnerability exists in the China Unicom TEWA-800G gateway running firmware version 4.16L.04_CT2015_Yueme. It is an information exposure issue where the device's debug log file prints the default administrative password in plaintext. This occurs when an attacker gains physical access and connects to the UART serial port using a TTL cable, causing the console to output logs that include the unredacted password. [1]

Exploitation

To exploit, an attacker must have physical access to the device, disassemble it, and connect a TTL cable to the UART pins. Using a terminal program such as PuTTY, the attacker can observe the console output during boot or operation. The default password is printed in clear text among the log messages. The attack complexity is high due to the requirement for physical proximity and hardware manipulation. [1]

Impact

Successful exploitation reveals the device's default password, allowing the attacker to authenticate to the gateway's management interface. This could lead to unauthorized configuration changes, network access, or further compromise of connected devices. The impact is limited to confidentiality of the password, but it may enable broader attacks. [1]

Mitigation

As of the publication date, no official firmware update has been released to address this issue. The vendor (China Unicom) has not publicly acknowledged the vulnerability or provided a patch. The only mitigation is to restrict physical access to the device and disable unused debug interfaces if possible. Users should monitor for future firmware updates. [1]