Preface: This is a similar vulnerability to the DLink one (CVE-2022-36524). The device is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd[.]sh.
Background: According to Trendnet’s official announcement, TEW-733GR (version v1.0R) has been discontinued. It is not clear whether the vendor is talking about the hardware or the firmware. In fact, if you go through their portal, the firmware (Trendnet TEW733GR v1.03B01) is still available for download.
Vulnerability details: Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd[.]sh.
Coincidentally, DLink (CVE-2022-36524) encountered a similar design weakness. The device is vulnerable to Static Default Credentials via /etc/init.d/S80 Telnetd[.]sh.
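One way to check an unpacked firmware image for this class of weakness, as an added example that is not taken from the advisories or from either vendor. The function names, the sample tree and the `-u user:password` argument form are assumptions made for illustration, since the advisories do not show the script contents.

```python
import os
import re
import tempfile

# Assumption: the vendor telnetd takes credentials as "-u user:password".
CRED_ARG = re.compile(r"-u\s+(\S+):(\S+)")
# Matches etc/init.d, etc/init0.d, ... relative to the firmware root.
INIT_DIR = re.compile(r"^etc/init\d*\.d$")

def audit_rootfs(root):
    """Report init scripts in an unpacked firmware tree that start telnetd."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if not INIT_DIR.match(rel):
            continue
        for name in sorted(files):
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    code = line.split("#", 1)[0]  # ignore shell comments
                    if "telnetd" not in code:
                        continue
                    m = CRED_ARG.search(code)
                    if m is None:
                        kind = "telnetd-started"
                    elif "$" in m.group(2):
                        # Still needs tracing: the variable may be fixed per image.
                        kind = "credential-from-variable"
                    else:
                        kind = "static-credential"
                    findings.append((f"{rel}/{name}", lineno, kind))
    return findings

def build_sample(root):
    """Constructed sample tree; the user name and password are placeholders."""
    d = os.path.join(root, "etc", "init0.d")
    os.makedirs(d)
    with open(os.path.join(d, "S80telnetd.sh"), "w") as fh:
        fh.write("#!/bin/sh\n"
                 "# telnetd -u old:old\n"
                 "telnetd -u EXAMPLEUSER:EXAMPLEPASS &\n")
    with open(os.path.join(d, "S90other.sh"), "w") as fh:
        fh.write("#!/bin/sh\ntelnetd -u admin:$PASSWD &\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_rootfs(tmp):
            print(*finding)
```

Any finding is a prompt to check whether telnet is reachable on the running device and whether the shipped credential can be changed or the service disabled.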
Observation: Once an attacker does a small amount of reverse engineering, this design weakness (valid credentials stored by default) similarly helps them run scripts that download and install XorDdos on the target device with root privileges. An attack similar to the 2.4 Tbps DDoS attack Microsoft encountered in August 2021 will happen again.
Because of XorDdos's attack method, botnet attacks will be formed on victims in different regions. It is hard to say that this can be avoided through a GRE tunnel, or that an ongoing attack can be stopped by identifying patterns in traffic. If the remedy or mitigation can be applied quickly, it can avoid the unknown cyber attack. As we know, flaws in IoT and computing devices appear hourly or daily, but they are easy to forget. In fact, even if the fix is ready, the end user may not take immediate action. That is what security experts feared a decade ago: when the Internet of Things was born, cybersecurity would make the digital world crazy.
Official announcement – Please refer to the link for details:
Trendnet CVE-2022-38556 – https://nvd.nist.gov/vuln/detail/CVE-2022-38556
DLink CVE-2022-36524 – https://nvd.nist.gov/vuln/detail/CVE-2022-36524