CVE-2021-40859

This is a detailed advisory and analysis of backdoor accounts in Auerswald COMpact PBX devices, including the method to derive the password for the hidden 'Schandelah' user. It provides steps to extract and analyze the firmware but does not include executable exploit code.

This PoC exploits a backdoor vulnerability in Auerswald COMpact devices by generating default passwords based on device serial and date information, then attempting authentication. It targets versions <= 8.0B and <= 4.0S.

This PoC exploits an unauthenticated endpoint in Auerswald VoIP systems to generate a backdoor password using a hardcoded algorithm involving the device's serial number and date. It then reveals credentials for the hidden 'Schandelah' account.