demohaa.blogg.se - Amino set top box hack

#Amino set top box hack full#
#Amino set top box hack password#
#Amino set top box hack professional#

Also, the credentials I found in the other firmware version did not work. The file contained a link to a document on Google Docs.ĭuring the portscan I noticed an SSH server running on port 10022, but I was not able to login since default credentials (and combo lists) did not work. The file ‘cpemgttools’ looked interesting. Then I tried finding more information about the CPEMGT HTTP request I saw earlier since I figured there would be more options other than the NOP response I saw earlier.

I found some credentials online and in the firmware that I tried to use in order to login using the SSH service found on port 10022 but those did not work. Since firmware of the same vendor often does not vary a lot between different devices I figured this might give some more insight in the device and services. I did some google-fu and found firmware for another Amino device. Since I did not have a lot of information to go on I tried to find the firmware of the device online so I could get some more information about these services. Obviously I tried bruteforcing, gobuster etc. Then I started looking at the webservices but those required authentication. (screenshot made after getting shell access) When I received the device the first thing I did (obviously) is open it up: However, my ISP now offered a free second STB and enabled the second IPTV port, so I jumped on the opportunity and ordered one. Originally the service would only allow a single STB to be connected, and since I also have a family I thought it would be wise not to mess with our main TV-setup. (I managed to root this device as well but that requires local / physical access, so not that spectacular and not part of this write up).

All the device does is split the VLANs that are supplied over the fiber channel to the individual ports on the device. The fiber connection in my home terminates in a FTU which has 2 LAN ports, 2 IPTV ports and 2 phone ports. I’ve had a fiber connection in my home for years and also opted for the ‘digital TV’ package, which basically means I switched my main TV from a DVB-C setup to IPTV.

#Amino set top box hack professional#

Both had a very professional approach and took these issues seriously.

CVE-2020–10209 - Command Injection in the CPE WAN Management Protocol (CWMP) registrationĪll findings have been resolved by Caiway/Delta and Aminocom after I informed them.

CVE-2020–10208 - Command Injection in EntoneWebEngine.

CVE-2020–10207 - Use of Hard-coded Credentials in EntoneWebEngine.

#Amino set top box hack password#

CVE-2020–10206 - Use of a Hard-coded Password in VNCserver in Amino Communications Aria 7.

#Amino set top box hack full#

Earlier this year I decided to take a look at the Aminocom Aria 7 settopbox (STB) I received from my ISP Caiway / Delta to see if I could get shell access on the device and take a further look into its inner workings.Īs it turned out I was not only able to get a shell on the device but also take full control of all STBs in the IPTV network, which allowed me to view details of the streams customers were watching, changing the channels, control volume and even streaming my own content to the devices.