Full Report
A remote attacker can get administrative privileges using default credentials.
Analysis Summary
# Vulnerability: Kraftway-24F2XG Router Default Credentials
## CVE Details
- **CVE ID:** CVE-2018-15350
- **CVSS Score:** 9.8 (Critical)
- **CWE:** CWE-255 (Common Weak Password Requirements / Default Credentials)
## Affected Systems
- **Products:** Kraftway-24F2XG Router
- **Versions:** Firmware version 3.5.30.1118
- **Configurations:** Systems running with factory default administrative settings.
## Vulnerability Description
The Kraftway-24F2XG router ships with a set of hardcoded or predictable default credentials. Because the device does not force these credentials to be changed during initial setup, a remote attacker can use them to authenticate to the device's management interface. Successful authentication grants the attacker full administrative privileges over the device.
## Exploitation
- **Status:** Unknown (No public PoC cited, but exploitation is trivial).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Attacker can access all device configurations and intercepted traffic data).
- **Integrity:** High (Attacker can modify routing tables, firewall rules, and firmware).
- **Availability:** High (Attacker can disable the device or disrupt network services).
## Remediation
### Patches
- **Firmware Update:** Upgrade to version **3.5.47-315-gef7** or higher. This update reportedly addresses the default credential issue.
### Workarounds
- **Credential Rotation:** Immediately change all default administrative passwords to unique, complex passwords.
- **Access Control:** Restrict access to the management interface (Web/SSH/Telnet) to trusted internal IP addresses only.
- **Disable Remote Management:** Ensure the management interface is not exposed to the public internet (WAN).
## Detection
- **Indicators of Compromise:** Monitor logs for successful logins from unexpected IP addresses using administrative accounts. Look for unauthorized configuration changes or unexpected reboots.
- **Detection Methods and Tools:** Use network security scanners to check for open management ports (80, 443, 22, 23) and attempt logins using known factory default credentials for Kraftway hardware.
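
The log check described under Indicators of Compromise can be automated along the following lines. This is an added example, not part of the advisory or any vendor tooling: the log format, the account names, the trusted management range and the 15-minute follow-up window are all assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumption: management access is only expected from these internal ranges.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ADMIN_USERS = {"admin", "root"}          # assumed administrative account names
FOLLOWUP_WINDOW = timedelta(minutes=15)  # watch this long after a flagged login

# Constructed log lines in a hypothetical syslog-like format (not the router's real format).
SAMPLE_LOG = """\
2018-08-20T09:01:12 auth: login success user=admin src=10.20.0.15 proto=https
2018-08-20T09:03:40 config: change user=admin src=10.20.0.15 item=vlan
2018-08-20T23:47:02 auth: login failure user=admin src=198.51.100.23 proto=telnet
2018-08-20T23:47:09 auth: login success user=admin src=198.51.100.23 proto=telnet
2018-08-20T23:49:31 config: change user=admin src=198.51.100.23 item=firewall
2018-08-20T23:52:05 system: reboot user=admin src=198.51.100.23
2018-08-21T08:00:00 auth: login success user=operator src=203.0.113.9 proto=ssh
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<facility>\w+): (?P<event>[\w ]+?) user=(?P<user>\S+) src=(?P<src>\S+)"
)

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(log_text):
    """Return alerts: admin logins from untrusted IPs, plus follow-up changes/reboots."""
    alerts, watch = [], {}  # watch maps src IP -> time of its untrusted admin login
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        kind = f'{m["facility"]}:{m["event"]}'
        user, src = m["user"], m["src"]
        if kind == "auth:login success" and user in ADMIN_USERS and not is_trusted(src):
            watch[src] = ts
            alerts.append((m["ts"], "untrusted-admin-login", src))
        elif kind in ("config:change", "system:reboot") and src in watch:
            if ts - watch[src] <= FOLLOWUP_WINDOW:
                alerts.append((m["ts"], "post-login-" + m["event"], src))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

Correlating the login with the configuration change and reboot that follow it gives a higher-confidence alert than the login alone, and the same trusted range can drive the access-control workaround listed above.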
## References
- **Kaspersky ICS CERT Advisory:** hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/
- **NVD CVE-2018-15350:** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2018-15350