CVE-2022-50803
📋 TL;DR
JM-DATA ONU JF511-TV devices running version 1.0.67 have hardcoded default administrative credentials that cannot be changed. Attackers can use these credentials to gain full administrative access to affected devices. This affects all users of these specific ONU devices who haven't manually changed the default configuration.
💻 Affected Systems
- JM-DATA ONU JF511-TV
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing attackers to reconfigure network settings, intercept traffic, install malware, or use the device as a pivot point into internal networks.
Likely Case
Unauthorized administrative access leading to network disruption, data interception, or device reconfiguration for malicious purposes.
If Mitigated
Limited impact if devices are behind firewalls with strict network segmentation and access controls.
🎯 Exploit Status
Exploitation requires only knowledge of default credentials and network access to the device. Public exploit scripts are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.jm-data.com/
Restart Required: No
Instructions:
No official patch available. Contact vendor for updated firmware or replacement devices.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices in separate VLANs with strict firewall rules to limit access.
Access Control Lists
allImplement network ACLs to restrict management interface access to authorized IP addresses only.
🧯 If You Can't Patch
- Replace affected devices with models that allow credential changes
- Deploy network monitoring to detect unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Attempt to log into the device web interface using default credentials (admin/admin or similar). If successful, device is vulnerable.Check Version:
Check firmware version in device web interface or via SNMP query to device management interface.Verify Fix Applied:
Verify that default credentials no longer work and that unique, strong credentials are required for access.📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login with default credentials
- Administrative configuration changes from unexpected IP addresses
Network Indicators:
- HTTP/HTTPS traffic to device management interface from unauthorized sources
- Unusual outbound connections from the device
SIEM Query:
source_ip=* AND destination_port=(80,443,8080) AND http_user_agent CONTAINS 'admin' AND event_outcome='success'🔗 References
- https://cxsecurity.com/issue/WLB-2022060058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/229344
- https://packetstormsecurity.com/files/167487/
- https://www.jm-data.com/
- https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-default-credentials-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
