CVE-2019-13473

9.8 CRITICAL

📋 TL;DR

Multiple internet radio devices from TELESTAR, Dabman, and Imperial brands contain an undocumented telnet service in their BusyBox subsystem that provides root access without authentication. This allows attackers to gain complete control over affected devices. All users of these specific internet radio models are affected.

💻 Affected Systems

Products:
  • TELESTAR Bobs Rock Radio
  • Dabman D10
  • Dabman i30 Stereo
  • Imperial i110
  • Imperial i150
  • Imperial i200
  • Imperial i200-cd
  • Imperial i400
  • Imperial i450
  • Imperial i500-bt
  • Imperial i600 TN81HH96-g102h-g102
Versions: All versions with the vulnerable firmware
Operating Systems: Embedded Linux with BusyBox
Default Config Vulnerable: ⚠️ Yes
Notes: The telnet service is enabled by default and requires no authentication. Affects specific hardware models with vulnerable firmware.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install malware, pivot to internal networks, intercept communications, or use devices as botnet nodes.

🟠 Likely Case

Remote attackers gain root shell access to modify device settings, install unauthorized software, or use devices for cryptocurrency mining or DDoS attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated device only.

🌐 Internet-Facing: HIGH - Devices are often directly connected to the internet with no authentication required for telnet access.
🏢 Internal Only: HIGH - Once inside the network, attackers can easily exploit this backdoor to gain root access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is trivial - simply telnet to the device on port 23. Public exploit code and detailed analysis available in referenced advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check manufacturer website for firmware updates, but none have been documented for this vulnerability.

🔧 Temporary Workarounds

Disable Telnet Service

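Disable the telnet service if the device configuration allows it; check whether the device settings offer an option for this. The command below does not disable anything: it starts a BusyBox telnet daemon on port 23 that hands every connection a shell with no login. It is shown only as the kind of invocation to look for, not as a command to run.

telnetd -l /bin/sh -p 23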

Block Telnet Port

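Block port 23 at the network perimeter. The rule below uses the INPUT chain, which filters traffic addressed to the host it runs on; on a Linux router or firewall sitting in front of the radios, traffic passing through to them is filtered in the FORWARD chain instead.

iptables -A INPUT -p tcp --dport 23 -j DROP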

🧯 If You Can't Patch

  • Segment affected devices on isolated network VLAN with no internet access
  • Implement strict firewall rules to block all inbound telnet connections to affected devices

🔍 How to Verify

Check if Vulnerable:

Run 'telnet [device_ip] 23' - if you get a root shell without authentication, device is vulnerable

Check Version:

Check device firmware version via web interface or telnet shell if accessible

Verify Fix Applied:

Attempt telnet connection to port 23 - should be blocked or require authentication

📡 Detection & Monitoring

Log Indicators:

  • Telnet connection attempts on port 23
  • Unauthorized root login events

Network Indicators:

  • Unexpected telnet traffic to/from internet radio devices
  • Port 23 scans targeting internal devices

SIEM Query:

(source_port=23 OR dest_port=23) AND (device_type="internet_radio" OR device_vendor IN ("TELESTAR", "Dabman", "Imperial"))
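
The SIEM query's logic applied to flow records, as an added Python example that is not part of the original page. It compares the intended grouping of the port test with the reading the query gets, when written without parentheses, in a language where AND binds tighter than OR (as in SQL). The field names follow the query; the records, the `id` field and the function names are constructed for illustration.

```python
# Added example. Field names follow the SIEM query above; all records are constructed.
RADIO_VENDORS = {"TELESTAR", "Dabman", "Imperial"}
TELNET = 23

SAMPLE_FLOWS = [  # constructed flow records, not real traffic
    {"id": "f1", "source_port": 51514, "dest_port": 23,
     "device_type": "internet_radio", "device_vendor": "Imperial"},
    {"id": "f2", "source_port": 23, "dest_port": 51514,
     "device_type": "internet_radio", "device_vendor": "Imperial"},
    {"id": "f3", "source_port": 23, "dest_port": 40222,   # telnet reply from a switch
     "device_type": "switch", "device_vendor": "ExampleCorp"},
    {"id": "f4", "source_port": 40100, "dest_port": 443,  # radio streaming over HTTPS
     "device_type": "internet_radio", "device_vendor": "Dabman"},
    {"id": "f5", "source_port": 23, "dest_port": 50001},  # asset fields missing
]


def is_radio(rec):
    """device_type="internet_radio" OR device_vendor IN (...)."""
    return (rec.get("device_type") == "internet_radio"
            or rec.get("device_vendor") in RADIO_VENDORS)


def grouped(rec):
    """(source_port=23 OR dest_port=23) AND (radio asset)."""
    return TELNET in (rec.get("source_port"), rec.get("dest_port")) and is_radio(rec)


def and_first(rec):
    """source_port=23 OR (dest_port=23 AND radio asset): AND evaluated before OR."""
    return rec.get("source_port") == TELNET or (
        rec.get("dest_port") == TELNET and is_radio(rec))


def matches(flows, predicate):
    """Return the ids of the records a predicate selects."""
    return [rec["id"] for rec in flows if predicate(rec)]


def noise(flows):
    """Records the AND-first reading alerts on that are not radio telnet traffic."""
    return sorted(set(matches(flows, and_first)) - set(matches(flows, grouped)))


if __name__ == "__main__":
    print("grouped  :", matches(SAMPLE_FLOWS, grouped))
    print("AND-first:", matches(SAMPLE_FLOWS, and_first))
    print("noise    :", noise(SAMPLE_FLOWS))
```

Record `f5` shows the dependency on asset enrichment: a flow with no `device_type` or `device_vendor` value is never selected by the grouped query, so untagged radios stay invisible to it.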

🔗 References
