Use of Default Credentials to Unauthorised Remote Access of Internal Panel of Tieline.

👨🏼‍💻Discovered by Pratik Khalane

📝Published on 01/07/2021.

📄Vulnerable version ≤ 2.6.4.8

🔗Vendor Homepage: https://tieline.com/gateway/

CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35336

Bug Description:

A vulnerability in the Tieline Web Administrative Interface on Version 2.6.4.8 and Below Could allow an Unauthenticated Remote User to access a sensitive part of the system with a high privileged account.

This Vulnerability is Due to the Presence of a Default Account that has a default username “admin” and default password “password” in it. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of the affected devices. The attacker would gain access to a sensitive portion of the system and have full administrative rights to control the device. Leading to an Increase in the Severity of the Vulnerability.

Attack Vector:

A Malicious attacker could exploit this vulnerability by remotely Logging in into an affected system by using the Default Credentials.

Steps to Reproduce:

  1. Go to the Tieline admin panel

2. Now go to the toolbox.

3. After this you can give the username “admin” and the password “password” and click on sign in.

4. Now when you are Redirected to the Administrative Panel, you will be able to Read and Control the Device and also be able to change the device’s Configuration Remotely.

Proof Of Concept :

Dork to Find

You Can Use the Below Dork to Find the Devic Affected. Be Responsible Before Exploiting this Bug.

Google : intext:2.6.4.8 — © 2019 tieline pty ltd

Thank You for reading :)

As a penetration tester and cybersecurity researcher, I have a deep understanding of the security process to ensure all vulnerabilities are identified