Login Sign Up

CVE-2024-37644

8.8 HIGH

📋 TL;DR

TRENDnet TEW-814DAP wireless access points contain a hardcoded root password in the /etc/shadow.sample file, allowing attackers to gain complete administrative control. This affects all devices running firmware version 1.01B01. Attackers can use this default credential to compromise the device and potentially pivot to other network resources.

💻 Affected Systems

Products:
  • TRENDnet TEW-814DAP
Versions: Firmware version 1.01B01
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with this firmware version are vulnerable out-of-the-box. The hardcoded password is present in the sample shadow file.

📦 What is this software?

Tew 814dap Firmware by Trendnet

View all CVEs affecting Tew 814dap Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain root access, install persistent malware, pivot to internal networks, intercept all traffic, and brick devices.

🟠

Likely Case

Attackers gain administrative access, change device settings, intercept wireless traffic, and use device as foothold for further attacks.

🟢

If Mitigated

With proper network segmentation and access controls, impact limited to isolated device compromise.

🌐 Internet-Facing: HIGH - Wireless access points are typically internet-facing, allowing remote attackers to exploit this vulnerability.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access, but requires local network presence.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded password and SSH/Telnet access to the device. Public GitHub repository contains details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check TRENDnet website for firmware updates. If update exists, download and apply through web interface.

🔧 Temporary Workarounds

Change root password

linux

Manually change the root password to a strong, unique password

passwd root

Disable remote administration

all

Disable SSH/Telnet access from WAN interface

🧯 If You Can't Patch

  • Isolate device on separate VLAN with strict firewall rules
  • Implement network monitoring for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

SSH into device as root using known hardcoded password from GitHub repository. If login succeeds, device is vulnerable.

Check Version:

cat /etc/version or check web interface firmware version

Verify Fix Applied:

Attempt SSH login with old hardcoded password - should fail. Verify new strong password works.

📡 Detection & Monitoring

Log Indicators:

  • Failed root login attempts
  • Successful root logins from unusual IPs
  • Authentication logs showing default credential use

Network Indicators:

  • SSH/Telnet connections to device on unusual ports
  • Traffic spikes from device to internal networks

SIEM Query:

source="auth.log" (user="root" AND success="true") OR (user="root" AND password="*hardcoded*")

📊 Metadata

CVE ID: CVE-2024-37644
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-259
Published: June 14, 2024
Last Updated: May 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-37644, you might also want to check these:

CVE-2025-20286 9.9

A critical vulnerability in Cisco ISE cloud deployments allows unauthenticated attackers to access s...

Same vulnerability type (CWE-259)
CVE-2024-33625 9.8

CyberPower PowerPanel Business application contains a hard-coded JWT signing key, allowing attackers...

Same vulnerability type (CWE-259)
CVE-2017-20039 9.8

CVE-2017-20039 is a critical authentication weakness in SICUNET Access Controller that allows remote...

Same vulnerability type (CWE-259)