PT-2025-42215 · Dbltek · Dbltek Goip
Published 2025-10-15 · Updated 2025-10-15 · CVE-2017-20204
CVSS v4.0: 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
DBLTek GoIP devices versions 1, 4, 8, 16, and 32
Description
DBLTek GoIP devices contain an undocumented vendor backdoor in the Telnet administrative interface. This allows remote authentication as an undocumented user through a flawed challenge–response scheme. An attacker can authenticate without a secret and gain a root shell, leading to persistent remote code execution and full device compromise. The firmware was updated in December 2016 to increase the complexity of exploitation, but full mitigation is unconfirmed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Dbltek Goip