CVE-2022-24657 – Goldshell ASIC Miners v2.1.x contain hardcoded ... (How to Fix)

Q: What is the severity of CVE-2022-24657?

CVE-2022-24657 has a CVSS score of 9.8 (CRITICAL). Goldshell ASIC Miners v2.1.x contain hardcoded SSH credentials that allow attackers to remotely connect to the devices. This affects all Goldshell ASIC miners running vulnerable firmware versions, potentially giving attackers full control over mining operations.

📋 TL;DR

Goldshell ASIC Miners v2.1.x contain hardcoded SSH credentials that allow attackers to remotely connect to the devices. This affects all Goldshell ASIC miners running vulnerable firmware versions, potentially giving attackers full control over mining operations.

💻 Affected Systems

Products:

Goldshell ASIC Miners

Versions: v2.1.x firmware versions

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All devices with default SSH configuration are vulnerable. SSH port 22 is typically enabled by default.

📦 What is this software?

Goldshell Miner Firmware by Goldshell

View all CVEs affecting Goldshell Miner Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control over mining devices, steal cryptocurrency, install malware, use devices for botnets, or destroy hardware through malicious firmware.

🟠

Likely Case

Attackers hijack mining operations to redirect cryptocurrency earnings, install cryptojacking malware, or use devices for DDoS attacks.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated mining operations with no access to other systems.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attackers can use standard SSH clients with known hardcoded credentials. No special tools or skills required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check Goldshell website or firmware repository for updates.

🔧 Temporary Workarounds

Change SSH Credentials

linux

Immediately change SSH passwords and disable default accounts

passwd root
passwd admin
userdel default_user

Disable SSH or Restrict Access

linux

Disable SSH service or restrict to internal network only

systemctl stop sshd
iptables -A INPUT -p tcp --dport 22 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

Isolate mining devices on separate VLAN with no internet access
Implement network firewall rules to block SSH access from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Attempt SSH login with known default credentials (specific credentials not listed for security)

Check Version:

cat /etc/version or check device web interface

Verify Fix Applied:

Verify SSH login fails with old credentials and new credentials work

📡 Detection & Monitoring

Log Indicators:

Failed SSH login attempts from multiple IPs
Successful SSH logins from unusual locations
SSH brute force patterns

Network Indicators:

SSH connections to mining devices from external IPs
Unusual outbound traffic from mining devices

SIEM Query:

source="auth.log" "sshd" ("Accepted" OR "Failed") dest_ip="MINER_IP"

📊 Metadata

CVE ID: CVE-2022-24657

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-798

Published: July 20, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/goldshellminer/firmware Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ Exploit,Mitigation,Third Party Advisory
https://github.com/goldshellminer/firmware Third Party Advisory
https://jamesachambers.com/cryptocurrency-asic-miners-security-and-hacking-audit/ Exploit,Mitigation,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24657, you might also want to check these: