CVE-2017-20204
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbltek | goip | 32 |
| dbltek | goip | 8 |
| dbltek | goip | 4 |
| dbltek | goip | 1 |
| dbltek | goip | 16 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1242 | The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in DBLTek GoIP devices (models 1, 4, 8, 16, and 32) and involves an undocumented backdoor in the Telnet administrative interface. The backdoor allows remote authentication as an undocumented user through a proprietary challenge-response scheme that is fundamentally flawed. The challenge response can be computed solely from the challenge itself, enabling an attacker to authenticate without knowing any secret credentials. Successful exploitation grants the attacker root shell access on the device, leading to persistent remote code execution, full device compromise, and arbitrary control over the device and its managed services. [1, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability allows a remote attacker to gain root access to the affected DBLTek GoIP devices without any credentials. This leads to full device compromise, persistent remote code execution, and arbitrary control over the device and any services it manages. Attackers can execute arbitrary commands, potentially use the devices to send SMS messages via onboard SIM cards, and incorporate the devices into botnets, which can cause significant operational disruption and misuse of resources. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing if a device responds to the undocumented Telnet backdoor authentication. Using the exploit tool "DblTekGoIPPwn," you can test IP addresses or lists of IPs for vulnerable GoIP devices. The tool supports a command-line mode `--test --file [IP_FILE] --output [OUTPUT_FILE]` which tests multiple hosts for vulnerability and outputs the results. Additionally, you can attempt to connect via Telnet to the device on port 23 and observe if the device issues a challenge string upon login with the username 'dbladm'. Using the tool's `--compute-response [CHALLENGE]` command, you can compute the valid response to the challenge and verify if authentication is successful, indicating vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling Telnet access to the affected DBLTek GoIP devices, especially from untrusted networks, to prevent remote exploitation. Since the vulnerability allows root shell access via an undocumented backdoor, network-level controls such as firewall rules blocking port 23 (Telnet) to these devices should be implemented. Additionally, check for and apply any firmware updates from DBLTek, although it is unclear if the December 2016 firmware update fully mitigates the issue. Monitoring devices for unusual Telnet activity and unauthorized access attempts is also recommended. [1, 3]
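The monitoring recommended above can be sketched as follows. This is an added example, not code from this page or from the vendor, and it flags Telnet sessions to GoIP devices that come from outside a management network or that present the undocumented `dbladm` username. The management subnet, device inventory, event layout and sample records are assumptions constructed for illustration.

```python
import ipaddress

BACKDOOR_USER = "dbladm"  # undocumented Telnet account named on this page
TELNET_PORT = 23

# Assumptions (not from the page): management subnet and GoIP inventory.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
GOIP_DEVICES = {"10.50.1.10", "10.50.1.11"}

# Constructed sample records in a hypothetical layout:
# (timestamp, src_ip, dst_ip, dst_port, telnet username seen on the wire or None)
SAMPLE_EVENTS = [
    ("2025-10-16T08:01:12Z", "10.20.0.5", "10.50.1.10", 23, "admin"),
    ("2025-10-16T08:03:40Z", "203.0.113.77", "10.50.1.10", 23, None),
    ("2025-10-16T08:03:44Z", "203.0.113.77", "10.50.1.10", 23, "dbladm"),
    ("2025-10-16T08:09:02Z", "10.20.0.5", "10.50.1.11", 23, "DBLADM\r"),
    ("2025-10-16T08:10:30Z", "198.51.100.9", "10.50.1.11", 80, None),
    ("2025-10-16T08:11:00Z", "198.51.100.9", "10.60.0.3", 23, "root"),
]

def is_trusted(src):
    """True when the source address lies inside a management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)

def classify(event):
    """Return the alert reasons for one event, or None if it is not of interest."""
    _ts, src, dst, dport, user = event
    if dst not in GOIP_DEVICES or dport != TELNET_PORT:
        return None
    reasons = []
    # Normalise case and line endings so trivial variations are still caught.
    if user is not None and user.strip().lower() == BACKDOOR_USER:
        reasons.append("backdoor-account-login")
    if not is_trusted(src):
        reasons.append("telnet-from-untrusted-source")
    return reasons or None

def find_alerts(events):
    """Collect one alert record per event that has at least one reason."""
    alerts = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            alerts.append({"time": ev[0], "src": ev[1], "dst": ev[2], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_EVENTS):
        print(a["time"], a["src"], "->", a["dst"], ",".join(a["reasons"]))
```

A `dbladm` login from inside the management network is still reported, since the account is undocumented and has no legitimate administrative use described on this page.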