Vendor Backdoor Vulnerability in DBLTek GoIP Devices
CVE-2017-20204

9.3 CRITICAL

Key Information:

Status: Vendor
CVE Published: 15 October 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2017-20204?

DBLTek GoIP devices (models 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface. The backdoor relies on a flawed proprietary challenge-response mechanism that permits remote authentication without knowledge of any secret, giving the attacker root access to the device. The result is potential persistent remote code execution, complete control of the device, and manipulation of any services it manages. Firmware updates released since December 2016 were intended to make exploitation harder, but it remains unclear whether these changes address the underlying security issue.

Affected Version(s)

GoIP *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

SpiderLabs/Trustwave/LevelBlue