CVE-2023-31808 – Technicolor TG670 10.5.N.9 devices contain hard... (How to Fix)

Q: What is the severity of CVE-2023-31808?

CVE-2023-31808 has a CVSS score of 7.2 (HIGH). Technicolor TG670 10.5.N.9 devices contain hard-coded administrative credentials that allow remote attackers to gain full control over the device when Remote Administration is enabled. This affects all users of these specific router models with vulnerable firmware versions.

📋 TL;DR

Technicolor TG670 10.5.N.9 devices contain hard-coded administrative credentials that allow remote attackers to gain full control over the device when Remote Administration is enabled. This affects all users of these specific router models with vulnerable firmware versions.

💻 Affected Systems

Products:

Technicolor TG670

Versions: 10.5.N.9 firmware

Operating Systems: Embedded router OS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in firmware; Remote Administration must be enabled for WAN exploitation

📦 What is this software?

Tg670 Firmware by Technicolor

View all CVEs affecting Tg670 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing network traffic interception, DNS hijacking, malware deployment, and use as attack platform

🟠

Likely Case

Unauthorized administrative access leading to network configuration changes, credential theft, and persistent backdoor installation

🟢

If Mitigated

Limited impact if Remote Administration is disabled and device is behind firewall

🌐 Internet-Facing: HIGH - Direct remote exploitation possible when Remote Administration enabled

🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised internal systems

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple credential-based authentication bypass using known hard-coded passwords

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.kb.cert.org/vuls/id/913565

Restart Required: No

Instructions:

No official patch available. Follow workarounds and mitigation steps.

🔧 Temporary Workarounds

Disable Remote Administration

all

Turn off WAN-side administrative access in router settings

Access router admin panel > Security/Administration > Disable 'Remote Administration' or 'Remote Management'

Change Default Credentials

all

Change all administrative passwords including hidden accounts

Access router admin panel > Administration/System > Change all password fields

🧯 If You Can't Patch

Isolate device in separate VLAN with strict firewall rules
Monitor for suspicious administrative login attempts and configuration changes

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin panel under System/Status. If version is 10.5.N.9, device is vulnerable.

Check Version:

Check via web interface: System > Status > Firmware Version

Verify Fix Applied:

Verify Remote Administration is disabled and attempt to access admin interface from external network (should fail)

📡 Detection & Monitoring

Log Indicators:

Successful admin logins from unexpected IP addresses
Configuration changes from unknown sources
Multiple failed login attempts followed by success

Network Indicators:

Administrative port (typically 80/443/8080) traffic from external IPs
Unusual outbound connections from router

SIEM Query:

source_ip=EXTERNAL AND (dest_port=80 OR dest_port=443 OR dest_port=8080) AND device_type="router" AND action="admin_login"

📊 Metadata

CVE ID: CVE-2023-31808

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-798

Published: September 19, 2023

Last Updated: November 21, 2024

🔗 References

https://www.kb.cert.org/vuls/id/913565 Third Party Advisory,US Government Resource
https://www.kb.cert.org/vuls/id/913565 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-31808, you might also want to check these: