CVE-2020-26201

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to gain unauthorized administrative or root access to Askey AP5100W Dual-SIG WiFi mesh access points via Telnet or SSH using weak default passwords. Affected systems include all Askey AP5100W_Dual_SIG versions 1.01.097 and earlier. Attackers can fully compromise the device's operating system.

💻 Affected Systems

Products:
  • Askey AP5100W Dual-SIG WiFi Mesh Access Point
Versions: All versions up to and including 1.01.097
Operating Systems: rlx-linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configurations are vulnerable. The weak password is hardcoded at the OS level.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing attackers to intercept network traffic, deploy malware, pivot to internal networks, or use the device as a persistent foothold for further attacks.

🟠 Likely Case

Unauthorized administrative access leading to network eavesdropping, configuration changes, and potential credential theft from connected devices.

🟢 If Mitigated

Limited impact if strong network segmentation, access controls, and monitoring are implemented to detect and block unauthorized access attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the weak password and network access to Telnet/SSH services. The Medium article provides detailed exploitation methodology.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.01.097

Vendor Advisory: https://www.askey.com.tw/incident_report_notifications.html

Restart Required: Yes

Instructions:

1. Contact Askey for updated firmware.
2. Download the latest firmware version.
3. Upload and apply the firmware update through the device's web interface.
4. Reboot the device to complete the update.

🔧 Temporary Workarounds

Disable Telnet and SSH Services

linux

Disable remote access services if they are not required for operations

telnetd stop
sshd stop
systemctl disable telnetd
systemctl disable sshd

Change Default Passwords

linux

Change all default passwords to strong, unique credentials

passwd root
passwd admin

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from critical networks
  • Deploy network monitoring and intrusion detection to alert on unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to connect via Telnet or SSH using known weak/default credentials. Check device firmware version through web interface or CLI.

Check Version:

cat /etc/version

Alternatively, check the system information page in the web interface.

Verify Fix Applied:

Verify firmware version is newer than 1.01.097. Test that weak credentials no longer provide access via Telnet/SSH.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful logins from unexpected sources
  • Telnet/SSH connections from unauthorized IP addresses

Network Indicators:

  • Unexpected Telnet/SSH traffic to device management interfaces
  • Traffic patterns indicating configuration changes or data exfiltration

SIEM Query:

source="device_logs" dest_ip="device_ip" ((event="authentication_success" AND (user="root" OR user="admin")) OR service="telnet" OR service="ssh")
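
The log and network indicators above, expressed as detection logic that runs offline over parsed events. This is an added example, not part of the original advisory or any Askey tooling. The field names `event`, `user`, `service` and `dest_ip` follow the SIEM query; `ts`, `src_ip`, the `authentication_failure` value, the allowlist and the thresholds are assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

MGMT_SERVICES = {"telnet", "ssh"}
PRIVILEGED_USERS = {"root", "admin"}

def detect(events, device_ip, allowed_nets, fail_threshold=3, window_s=300):
    """Return (ts, rule, src_ip) alerts for Telnet/SSH activity on one device."""
    allowed = [ip_network(n) for n in allowed_nets]
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    reported = set()                # sources already flagged as unauthorized
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["dest_ip"] != device_ip or ev["service"] not in MGMT_SERVICES:
            continue
        ts, src = ev["ts"], ev["src_ip"]
        # Rule 1: management session from outside the allowlist (once per source).
        # With a weak default password a first-try login is likely, so this rule
        # must not depend on seeing failures first.
        if src not in reported and not any(ip_address(src) in n for n in allowed):
            reported.add(src)
            alerts.append((ts, "unauthorized_source", src))
        fails = failures[src]
        while fails and ts - fails[0] > window_s:
            fails.popleft()         # forget failures older than the window
        if ev["event"] == "authentication_failure":
            fails.append(ts)
        elif ev["event"] == "authentication_success":
            # Rule 2: privileged login preceded by a burst of failures.
            if ev["user"] in PRIVILEGED_USERS and len(fails) >= fail_threshold:
                alerts.append((ts, "failures_then_success", src))
            fails.clear()
    return alerts

def make_event(ts, event, user, service, src_ip, dest_ip="192.0.2.10"):
    return dict(ts=ts, event=event, user=user, service=service,
                src_ip=src_ip, dest_ip=dest_ip)

# Constructed sample events (documentation address ranges, not real logs).
SAMPLE = [
    make_event(100, "authentication_success", "admin", "ssh", "198.51.100.5"),
    make_event(200, "authentication_failure", "root", "telnet", "203.0.113.7"),
    make_event(210, "authentication_failure", "root", "telnet", "203.0.113.7"),
    make_event(220, "authentication_failure", "root", "telnet", "203.0.113.7"),
    make_event(230, "authentication_success", "root", "telnet", "203.0.113.7"),
    make_event(1000, "authentication_failure", "admin", "ssh", "198.51.100.5"),
    make_event(1400, "authentication_success", "admin", "ssh", "198.51.100.5"),
]
```

Call `detect(SAMPLE, "192.0.2.10", ["198.51.100.0/24"])` with the device address and the management subnets that are expected to reach it.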

🔗 References
