Trusted Design

DSL routers contain hard-coded "XXXXairocon" credentials

概要

CWE-798: Use of Hard-coded Credentials DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN, and ZTE ZXV10 W300 contain hard-coded credentials that are useable in the telnet service on the device. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is "admin," in the PLDT device, the user name is "adminpldt," and in all affected devices, the password is "XXXXairocon" where "XXXX" is the last four characters of the device's MAC address. The MAC address may be obtainable over SNMP with community string public. The vulnerability was previously disclosed in VU#228886 and assigned CVE-2014-0329 for ZTE ZXV10 W300, but it was not known at the time that the same vulnerability affected products published by other vendors. The Observa Telecom RTA01N was previously disclosed on the Full Disclosure mailing list.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities (score: 0.57)
ZSCALER 2015-12-13: New Spy Banker Trojan Telax (score: 0.54)
DVR Firmware for multiple vendors contains hard-coded creds (score: 0.53)
Cisco default credentials - again! (score: 0.51)
Vulnerability Note VU#614751 - Hughes satellite modems contain multiple vulnerabilities (score: 0.51)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 5.31

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Volt Typhoon

Score: 10.74

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

Storm-0501

Score: 7.41

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Rocke

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.001 - Dead Drop Resolver

MITREへのリンク →

FIN7

Score: 8.82

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

APT28

Score: 19.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1557.004 - Evil Twin
T1498 - Network Denial of Service
T1550.001 - Application Access Token
T1001.001 - Junk Data

MITREへのリンク →

Kimsuky

Score: 12.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1680 - Local Storage Discovery
T1102.001 - Dead Drop Resolver
T1078.003 - Local Accounts

MITREへのリンク →

BackdoorDiplomacy

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

FIN13

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

BlackTech

Score: 4.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.002 - Right-to-Left Override

MITREへのリンク →

Magic Hound

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Medusa Group

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Sea Turtle

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

Fox Kitten

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Ke3chang

Score: 4.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.002 - Right-to-Left Override

MITREへのリンク →

ToddyCat

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1680 - Local Storage Discovery

MITREへのリンク →

Winter Vivern

Score: 3.57

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service

MITREへのリンク →

APT29

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

UNC3886

Score: 6.16

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

APT41

Score: 6.85

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1036.004 - Masquerade Task or Service
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Play

Score: 4.14

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1078.003 - Local Accounts

MITREへのリンク →

HAFNIUM

Score: 8.27

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

Ferocious Kitten

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

Scarlet Mimic

Score: 3.44

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

BRONZE BUTLER

Score: 9.32

Matched TTPs:

T1036.002 - Right-to-Left Override
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT32

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 5.72

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1555.004 - Windows Credential Manager

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

PROMETHIUM

Score: 4.76

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1078.003 - Local Accounts

MITREへのリンク →

ZIRCONIUM

Score: 4.69

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 7.52

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

Lazarus Group

Score: 11.65

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1027.007 - Dynamic API Resolution
T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

Velvet Ant

Score: 5.41

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 8.25

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1680 - Local Storage Discovery
T1078.003 - Local Accounts

MITREへのリンク →

OilRig

Score: 6.37

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1555.004 - Windows Credential Manager

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 8.88

Matched TTPs:

T1555.004 - Windows Credential Manager
T1124 - System Time Discovery
T1078.003 - Local Accounts

MITREへのリンク →

Mustang Panda

Score: 4.13

Matched TTPs:

T1027.007 - Dynamic API Resolution

MITREへのリンク →

Patchwork

Score: 6.12

Matched TTPs:

T1680 - Local Storage Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Chimera

Score: 5.43

Matched TTPs:

T1680 - Local Storage Discovery
T1124 - System Time Discovery

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.78

Matched TTPs:

T1498 - Network Denial of Service
T1001.001 - Junk Data
T1550.001 - Application Access Token
T1190 - Exploit Public-Facing Application
T1557.004 - Evil Twin

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る