CVE-2022-47036
📋 TL;DR
Siklu TG Terragraph devices ship with a hardcoded root password whose MD5 hash can be brute-forced to recover the password. This allows attackers to gain administrative 'debug login' access to affected devices. Organizations running Siklu TG Terragraph devices remain vulnerable until the hardware is replaced.
💻 Affected Systems
- Siklu TG Terragraph devices
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of network infrastructure, allowing attackers to reconfigure devices, intercept traffic, disable services, or use devices as pivot points into internal networks.
Likely Case
Unauthorized administrative access leading to device configuration changes, service disruption, or credential harvesting from connected systems.
If Mitigated
Limited impact if devices are isolated in secure network segments with strict access controls and monitoring.
🎯 Exploit Status
The hardcoded password hash has been publicly revealed and can be brute-forced. No authentication is required to attempt exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: N/A
Restart Required: No
Instructions:
Replace affected hardware with newer models. Contact Siklu for hardware replacement options and migration guidance.
🔧 Temporary Workarounds
Network segmentation and access controls
Isolate Terragraph devices in dedicated network segments with strict firewall rules limiting access to authorized management IPs only.
Disable debug login if possible
Check the device configuration for debug login options and disable them if available in the administrative interface.
🧯 If You Can't Patch
- Implement strict network segmentation with firewall rules allowing only necessary management traffic from trusted sources
- Enable comprehensive logging and monitoring for authentication attempts and configuration changes on affected devices
🔍 How to Verify
Check if Vulnerable:
Check device model and hardware version. Older hardware models are vulnerable regardless of firmware version.
Check Version:
Check device hardware model via administrative interface or physical inspection
Verify Fix Applied:
Verify hardware has been replaced with newer models not containing the hardcoded password.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful root login
- Unexpected configuration changes
- Debug login events
Network Indicators:
- Unauthorized SSH/Telnet connections to device management interfaces
- Unexpected outbound connections from devices
SIEM Query:
source="terragraph-device" AND ((event_type="authentication" AND result="success" AND user="root") OR (event_type="configuration_change" AND user!="authorized_admin"))
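The first log indicator above (failed authentication attempts followed by a successful root login) can also be checked offline against collected syslog. The following is an added example, not part of the original advisory or any vendor tooling; it assumes OpenSSH-style auth messages with ISO timestamps, and the hostnames, addresses and allowlist are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: ISO timestamp, hostname, OpenSSH-style auth message.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def find_suspicious_root_logins(lines, mgmt_ips, min_failures=3,
                                window=timedelta(minutes=10)):
    """Alert on accepted root logins that follow repeated failures from the
    same source, or that come from outside the management allowlist."""
    failures = defaultdict(deque)  # (host, ip) -> recent failure times
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"] != "root":
            continue
        ts = datetime.fromisoformat(m["ts"])
        recent = failures[(m["host"], m["ip"])]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
            continue
        reasons = []
        if len(recent) >= min_failures:
            reasons.append(f"{len(recent)} failed attempts before success")
        if m["ip"] not in mgmt_ips:
            reasons.append("source outside management allowlist")
        if reasons:
            alerts.append({"host": m["host"], "ip": m["ip"],
                           "time": m["ts"], "reasons": reasons})
        recent.clear()  # a success starts a fresh failure count
    return alerts

# Constructed sample data: hostnames, addresses and allowlist are made up.
MGMT_IPS = {"10.0.50.5"}
SAMPLE = [
    "2023-01-10T08:00:01 tg-node-1 sshd[411]: Failed password for root from 198.51.100.23 port 40122 ssh2",
    "2023-01-10T08:00:04 tg-node-1 sshd[412]: Failed password for root from 198.51.100.23 port 40124 ssh2",
    "2023-01-10T08:00:09 tg-node-1 sshd[413]: Failed password for root from 198.51.100.23 port 40126 ssh2",
    "2023-01-10T08:00:15 tg-node-1 sshd[414]: Accepted password for root from 198.51.100.23 port 40128 ssh2",
    "2023-01-10T09:30:00 tg-node-2 sshd[500]: Accepted password for root from 10.0.50.5 port 50000 ssh2",
    "2023-01-10T10:00:00 tg-node-2 sshd[520]: Failed password for root from 10.0.50.5 port 50010 ssh2",
    "2023-01-10T10:45:00 tg-node-2 sshd[530]: Accepted password for root from 192.0.2.77 port 50100 ssh2",
]
```

Calling `find_suspicious_root_logins(SAMPLE, MGMT_IPS)` returns two alerts: the login on tg-node-1 after three failures, and the root login on tg-node-2 from an address outside the allowlist.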