Hard-Coded Password Vulnerability in Technicolor TG670 Devices
CVE-2023-31808

7.2HIGH

Key Information:

Vendor: Technicolor
Status: Tg670 Firmware
Vendor: CVE Published:; 19 September 2023

🔔 Create Technicolor Vulnerability Alert

What is CVE-2023-31808?

Technicolor TG670 devices running version 10.5.N.9 are susceptible to a security vulnerability due to the existence of multiple accounts with hard-coded passwords. One of these accounts possesses administrative privileges, which can lead to unauthorized access when Remote Administration is enabled. This vulnerability allows attackers to leverage unrestricted access over the WAN interface, raising significant security concerns for users of the affected devices.

References

https://www.kb.cert.org/vuls/id/913565

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2023
Vulnerability Reserved
Apr 29, 2023