CVE-2022-24660

7.5 HIGH

📋 TL;DR

The debug interface in Goldshell ASIC Miners firmware versions 2.2.1 and below is publicly accessible through the web interface, allowing unauthenticated attackers to retrieve passwords and sensitive information in plaintext. This affects all Goldshell ASIC Miner devices running vulnerable firmware versions.

💻 Affected Systems

Products:
  • Goldshell ASIC Miners
Versions: v2.2.1 and below
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configurations are vulnerable. The debug interface is enabled by default in affected firmware versions.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain full administrative access to mining devices, steal cryptocurrency wallets, reconfigure devices for malicious mining pools, or use devices as footholds into internal networks.

🟠 Likely Case: Attackers steal administrator credentials, access mining pool configurations, and potentially redirect mining rewards to attacker-controlled wallets.

🟢 If Mitigated: Limited information disclosure if debug interface is properly restricted, but still exposes configuration details.

🌐 Internet-Facing: HIGH - The vulnerability is in the web interface, making internet-exposed devices immediately vulnerable to remote exploitation.
🏢 Internal Only: HIGH - Even internally accessible devices are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to the debug interface endpoint. Public proof-of-concept exists in security research publications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.2.2 or later

Vendor Advisory: https://github.com/goldshellminer/firmware

Restart Required: Yes

Instructions:

1. Download latest firmware from Goldshell repository.
2. Access miner web interface.
3. Navigate to System > Upgrade.
4. Upload firmware file.
5. Wait for automatic reboot.

🔧 Temporary Workarounds

Disable debug interface (all platforms)

Manually disable the debug interface through configuration if a firmware update is not possible:

Access web interface > System > Advanced > Disable debug mode

Network isolation (linux)

Restrict web interface access to trusted networks only

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Isolate mining devices on separate VLAN with no internet access
  • Implement strict firewall rules blocking all external access to miner web interfaces

🔍 How to Verify

Check if Vulnerable:

Access http://MINER_IP/debug or check firmware version in web interface System > About

Check Version:

curl -s http://MINER_IP/api/v1/status | grep version

Verify Fix Applied:

Request the debug interface endpoint and confirm that it returns 404 or access denied, then verify that the firmware version is v2.2.2+.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts
  • Access to /debug endpoint in web logs
  • Configuration changes from unknown IPs

Network Indicators:

  • HTTP requests to /debug endpoint
  • Unusual outbound connections from miners
  • Traffic to unknown mining pools

SIEM Query:

source="web_logs" AND (uri="/debug" OR user_agent="*debug*" OR status_code=200 AND uri="*/api/*")
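
The "/debug in web logs" indicator above, worked through as an added example (not part of the original advisory and not Goldshell code). It assumes Common Log Format lines from a reverse proxy or network sensor in front of the miners and a hypothetical trusted management subnet; the sample lines are constructed.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# Assumption: management subnet allowed to reach the miner web interface.
TRUSTED_NETS = [ip_network("10.20.0.0/28")]

# Assumption: Common Log Format from a reverse proxy or network sensor.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
198.51.100.7 - - [12/Mar/2022:10:01:02 +0000] "GET /debug HTTP/1.1" 200 512
10.20.0.5 - - [12/Mar/2022:10:02:00 +0000] "GET /api/v1/status HTTP/1.1" 200 90
203.0.113.9 - - [12/Mar/2022:10:03:00 +0000] "GET /debug/?x=1 HTTP/1.1" 404 0
10.20.0.5 - - [12/Mar/2022:10:04:00 +0000] "GET /debug HTTP/1.1" 200 512
192.0.2.44 - - [12/Mar/2022:10:05:00 +0000] "GET /debugger.js HTTP/1.1" 200 10
"""

def is_debug_path(uri):
    """True for /debug and anything below it, ignoring query string and case."""
    path = unquote(uri.split("?", 1)[0]).lower()
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path == "/debug" or path.startswith("/debug/")

def is_trusted(src):
    try:
        return any(ip_address(src) in net for net in TRUSTED_NETS)
    except ValueError:  # hostname or malformed field: treat as untrusted
        return False

def scan(log_text):
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_debug_path(m["uri"]):
            continue
        if m["status"] != "200":
            verdict = "blocked"            # e.g. 404 once the fix is applied
        elif is_trusted(m["src"]):
            verdict = "served-to-trusted"  # still worth reviewing
        else:
            verdict = "disclosure"         # debug data left the device
        findings.append((m["ts"], m["src"], m["uri"], int(m["status"]), verdict))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A "disclosure" finding means the credentials on that miner should be treated as exposed and rotated after the firmware upgrade.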
