CVE-2012-1803
RuggedCom Rugged Operating System < 3.10.1 - Unauthenticated Backdoor Account Access via MAC Address Calculation
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2012-1803.
PoCs published by jc, x3roxismygood, including Metasploit module auxiliary/scanner/telnet/telnet_ruggedcom.
AI-analyzed exploit summary: The exploit reveals an undocumented backdoor account in RuggedCom's Rugged Operating System (ROS) with a dynamically generated password based on the device's MAC address. The provided Perl script calculates the password, allowing unauthorized access to the 'factory' account.
Description
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
Exploits (3)
The exploit reveals an undocumented backdoor account in RuggedCom's Rugged Operating System (ROS) with a dynamically generated password based on the device's MAC address. The provided Perl script calculates the password, allowing unauthorized access to the 'factory' account.
This PoC demonstrates CVE-2012-1803 by deriving the hidden factory account password from a Siemens RuggedCom ROS device's MAC address, allowing unauthorized administrative access. The script reverses the MAC address, appends padding, and computes a password via a modulo operation.
This Metasploit module exploits a hardcoded backdoor account in RuggedCom ROS by generating a password derived from the device's MAC address. It connects via Telnet, extracts the MAC from the banner, and calculates the password for the 'factory' user.