Executive Summary

This vulnerability is an incorrect access control issue in the Dataphone A920 device version 2025.07.161103. It exposes a service on port 8888 by default on the local network without requiring authentication. This means an attacker on the local network can connect to the device via a TCP socket without needing credentials. Additionally, sending an HTTP request to this service causes an error response that reveals internal functionality, headers identifying Paytef dataphone packets, and the device's build version.

Useful 0 Not Useful 0

Impact Analysis

An attacker on the local network can access the exposed service without authentication, potentially allowing unauthorized interaction with the device. The error responses also leak sensitive information such as internal functionality, packet headers, and build version, which could aid an attacker in further exploiting the device or understanding its internal workings.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by scanning your local network for devices with port 8888 open. You can use network scanning tools such as nmap with the command: nmap -p 8888 <target-ip-range>. Additionally, sending an HTTP request to port 8888 on the device may trigger an error response exposing device information, which can confirm the presence of the vulnerable service.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to port 8888 on the local network, for example by using firewall rules to block or limit access to trusted hosts only. If possible, disable the service running on port 8888 or apply authentication mechanisms to prevent unauthorized access. Monitoring network traffic for connections to port 8888 can also help detect exploitation attempts.

Useful 0 Not Useful 0