A Telnet backdoor vulnerability affects more than one million IoT devices

Researchers recently discovered two new vulnerabilities (CVE-2019-13473 and CVE-2019-13474) in the Telestar Digital GmbH Internet of Things (IoT). Hackers can use these vulnerabilities to remotely control the network signals of IoT devices, change device names, steal audio files, and so on. The affected products are Telestar’s Imperial & Dabman I and D series of connected devices, involving more than one million devices.

backdoored Python libraries

The researchers found an exception on a server connected to a Telestar device: it’s port 23 had an unknown Telnet service. Since the port is active and the password security is not strong, the hacker can quickly establish a network connection with it and brute-force within only 10 minutes due to lax password security. Once successfully hacked, the hacker will be able to edit and access all content on the device connected to the server. Experts said that network security risks on IoT devices should be taken seriously.

Currently, Telestar Digital GmbH Internet of Things (IoT) has released security patches to fix this vulnerability.

Via: ZDNet