PT-2022-16779 · Goldshell · Goldshell Asic Miners

James A. Chambers · Published 2022-07-20 · Updated 2022-07-27 · CVE-2022-24657

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Goldshell ASIC Miners versions 2.1.x

Description

The issue concerns hardcoded credentials in the software, allowing attackers to remotely connect via the SSH protocol on port 22.

Recommendations

For Goldshell ASIC Miners versions 2.1.x, consider changing the default credentials and restricting access to the SSH protocol as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2022-24657

Affected Products

Goldshell Asic Miners