This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Secret backdoors found in Auerswald Compact firmware. π **Consequences**: Attackers gain full administrative control over the device via the web interface.β¦
π‘οΈ **Root Cause**: Hardcoded or hidden backdoor credentials embedded directly in the firmware. π« **CWE**: Not explicitly listed, but effectively a **Broken Access Control** / **Hardcoded Credentials** flaw.β¦
π¦ **Affected Products**: Auerswald COMpact series (3000, 4000, 5000, 5200, 5500R, 6000, etc.). π **Versions**: Firmware version **8.0B and below** (<= 8.0B). Includes COMpact 5500R 7.8A and 8.0B.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Full **Administrative Access**. π **Data**: Complete control over the device settings, configuration, and potentially connected VoIP/ISDN networks.β¦
β οΈ **Threshold**: **Medium**. π **Auth**: Requires access to the **Web-based Management Application**. If the web interface is exposed to the internet or internal network, exploitation is trivial.β¦
π₯ **Exploit**: **YES**. Multiple public PoCs exist on GitHub (e.g., by dorkerdevil, pussycat0x). π οΈ Tools like Nuclei templates are also available for automated scanning. Wild exploitation is highly likely.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Use Nuclei templates (`CVE-2021-40859.yaml`) to scan for the unauthenticated endpoint `/about_state`. π Run Python PoC scripts against target IPs.β¦
π§ **Workaround**: If no patch is available, **block access** to the web management interface from untrusted networks. π Restrict access to trusted IPs only.β¦
π₯ **Urgency**: **HIGH**. π¨ Since PoCs are public and it grants full admin access, immediate action is required. Prioritize patching or network isolation for all Auerswald Compact devices running <= 8.0B.