Vulnerability in Dbl Technology (Dbltek) Goip

CVE-2017-20204

DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme whic…

EPSS: 0.012 (79.2th percentile) — read the EPSS interpretation.

Affected products

Dbl Technology (Dbltek) Goip

Weakness classification (CWE)

CWE-1242

References

www.dbltek.com/ (product)
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/undocumented-backdoor-a… (technical-description, exploit)
github.com/JacobMisirian/DblTekGoIPPwn (exploit)
www.vulncheck.com/advisories/dbltek-goip-telnet-admin-interface-undocumented-ba… (third-party-advisory)