CVE-2009-3710
Published 2009-10-16
Priority P261 | critical | CVSS 2.0: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.50% (94.4th percentile)
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| riorey | rios | — | — |
| riorey | rios | — | — |
Detection & IOCs
- Monitor for SSH authentication attempts on non-standard port 8022 using the hardcoded username 'dbadmin', which is indicative of exploitation of this CVE against RioRey RIOS devices.
- Successful login via SSH on port 8022 with username 'dbadmin' results in immediate root-level access (uid=0); alert on any successful SSH session on port 8022 to RioRey appliances.
- The web interface password reset does NOT disable the hardcoded SSH tunnel credentials; do not rely on admin password changes as a mitigation indicator.
- The hardcoded credentials (dbadmin / sq!us3r) are embedded in the RioRey RIOS firmware and cannot be changed by the administrator; affected versions are 4.6.6 and 4.7.0, and possibly others.
- The affected devices run Linux kernel 2.6.16.6, which is additionally susceptible to local privilege escalation vulnerabilities, compounding the risk of this hardcoded credential issue.
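The two monitoring items above, sketched as an added example (not from the CVE record or the vendor): a Python correlator over sshd syslog lines. It assumes the listener logs in OpenSSH's VERBOSE format, where the connection line carrying the listening port and the later authentication result share one sshd PID; the log lines, host name and addresses are constructed.

```python
import re

# Assumed log shape (OpenSSH, LogLevel VERBOSE): the "Connection from" line
# names the local listening port, and the auth result reuses the same PID.
CONN = re.compile(r"sshd\[(\d+)\]: Connection from (\S+) port \d+ on \S+ port (\d+)")
AUTH = re.compile(r"sshd\[(\d+)\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)")

TUNNEL_PORT = 8022          # port named in the CVE description
HARDCODED_USER = "dbadmin"  # username named in the CVE description

def detect(lines):
    """Return alerts as (severity, source_ip, user, outcome) tuples."""
    listen_port = {}  # sshd pid -> local port the session arrived on
    alerts = []
    for line in lines:
        m = CONN.search(line)
        if m:
            listen_port[m.group(1)] = int(m.group(3))
            continue
        m = AUTH.search(line)
        if not m:
            continue
        pid, outcome, user, src = m.groups()
        if listen_port.get(pid) != TUNNEL_PORT:
            continue  # another listener, or port unknown for this PID
        if outcome == "Accepted":
            # Any successful session on 8022 is alert-worthy, whatever the user.
            alerts.append(("critical", src, user, outcome))
        elif user == HARDCODED_USER:
            alerts.append(("high", src, user, outcome))
    return alerts

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    "Oct 16 09:00:01 rios sshd[4101]: Connection from 198.51.100.7 port 50122 on 192.0.2.10 port 8022",
    "Oct 16 09:00:03 rios sshd[4101]: Failed password for dbadmin from 198.51.100.7 port 50122 ssh2",
    "Oct 16 09:01:10 rios sshd[4102]: Connection from 198.51.100.7 port 50130 on 192.0.2.10 port 8022",
    "Oct 16 09:01:12 rios sshd[4102]: Accepted password for dbadmin from 198.51.100.7 port 50130 ssh2",
    "Oct 16 09:02:00 rios sshd[4103]: Connection from 192.0.2.50 port 40000 on 192.0.2.10 port 22",
    "Oct 16 09:02:02 rios sshd[4103]: Accepted publickey for admin from 192.0.2.50 port 40000 ssh2",
    "Oct 16 09:03:00 rios sshd[4104]: Connection from 203.0.113.9 port 41000 on 192.0.2.10 port 8022",
    "Oct 16 09:03:02 rios sshd[4104]: Failed password for invalid user guest from 203.0.113.9 port 41000 ssh2",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Where appliance logs are not available, the same rule can be applied to firewall or flow records by alerting on any inbound connection to port 8022 on a RioRey appliance address.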