
A penetration test has uncovered multiple backdoors in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices.

“Two backdoor passwords were found in the firmware of the COMpact 5500R PBX,” researchers from RedTeam Pentesting said in a technical analysis published Monday. “One backdoor password is for the secret user ‘Schandelah’, the other can be used for the highest-privileged user ‘admin.’ No way was discovered to disable these backdoors.”

The vulnerability has been assigned the identifier CVE-2021-40859 and carries a critical severity rating of 9.8. Following responsible disclosure on September 10, Auerswald addressed the problem in a firmware update (version 8.2B) released in November 2021. “Firmware Update 8.2B contains important security updates that you should definitely apply, even if you don’t need the advanced features,” the company said in a post without directly referencing the issue.

PBX, short for private branch exchange, is a switching system that serves a private organization. It’s used to establish and control telephone calls between telecommunication endpoints, including customary telephone sets, destinations on the public switched telephone network (PSTN), and devices or services on VoIP networks.

RedTeam Pentesting said it uncovered the backdoor while taking a closer look at a service Auerswald provides for customers who lose access to their administrator account: in that case, the password associated with the privileged account can be reset by reaching out to the manufacturer.
