CVE-2009-3710
published 2009-10-16


Priority: P261 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.50% (94.4th percentile)

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
riorey | rios | |
riorey | rios | |

Detection & IOCs (extracted from sources)

port: 8022
other: username: dbadmin
other: password: sq!us3r
command: ssh -p 8022 dbadmin@<target>
  • Monitor for SSH authentication attempts on non-standard port 8022 using the hardcoded username 'dbadmin', which is indicative of exploitation of this CVE against RioRey RIOS devices.
  • Successful login via SSH on port 8022 with username 'dbadmin' results in immediate root-level access (uid=0); alert on any successful SSH session on port 8022 to RioRey appliances.
  • The web interface password reset does NOT disable the hardcoded SSH tunnel credentials; do not rely on admin password changes as a mitigation indicator.
  • The hardcoded credentials (dbadmin / sq!us3r) are embedded in the RioRey RIOS firmware and cannot be changed by the administrator; affected versions are 4.6.6 and 4.7.0, and possibly others.
  • The affected devices run Linux kernel 2.6.16.6, which is additionally susceptible to local privilege escalation vulnerabilities, compounding the risk of this hardcoded credential issue.
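
The monitoring described in the detection notes above, as an added example that is not taken from the sources this entry quotes: it scans OpenSSH-format authentication lines for the hard-coded dbadmin account and rates a success above a failed attempt. It assumes the lines were collected from the sshd listener on port 8022; the hostname, addresses, second account name and log lines are constructed.

```python
import re

# Assumption: the lines below were collected from the sshd listener on TCP 8022
# and use OpenSSH's syslog wording. The "port N" field in that wording is the
# client's source port, so scoping to the 8022 listener happens at collection.
HARDCODED_USER = "dbadmin"  # account named in CVE-2009-3710

AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<sport>\d+)"
)

def scan(lines):
    """Return one alert per authentication event that names the hard-coded user."""
    alerts = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m.group("user") != HARDCODED_USER:
            continue
        accepted = m.group("result") == "Accepted"
        alerts.append({
            # The entry states that a successful login yields uid=0.
            "severity": "critical" if accepted else "high",
            "event": "login" if accepted else "attempt",
            "src": m.group("src"),
            "method": m.group("method"),
        })
    return alerts

# Constructed sample lines (documentation address ranges), not real telemetry.
SAMPLE = [
    "Oct 16 09:12:01 rios sshd[2211]: Failed password for dbadmin from 203.0.113.7 port 51514 ssh2",
    "Oct 16 09:12:04 rios sshd[2211]: Accepted password for dbadmin from 203.0.113.7 port 51514 ssh2",
    # Wording sshd uses when the account does not exist on the logging host.
    "Oct 16 09:13:30 rios sshd[2290]: Failed password for invalid user dbadmin from 198.51.100.9 port 40022 ssh2",
    # Different account whose client source port happens to be 8022: no alert.
    "Oct 16 09:14:02 rios sshd[2301]: Accepted publickey for operator from 192.0.2.10 port 8022 ssh2",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Because the sshd message does not record the listening port, a rule that matches the text "port 8022" in these lines would key on the wrong field; the last sample line shows that case.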