A critical vulnerability exists in multiple Shenzhen Tuoshi products due to a hidden, hard-coded administrator account. This flaw allows an unauthenticated attacker with network access to the device to gain complete control, posing a severe risk to network security, data confidentiality, and operational integrity.

The affected devices ship with the SSH service enabled by default and contain a hard-coded, privileged root account. The credentials for this account are static across all vulnerable devices and cannot be changed or disabled through the device's graphical user interface (GUI). An attacker who knows these credentials can remotely log into the device with the highest level of administrative privileges, bypassing all standard authentication mechanisms.

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for complete system compromise. Successful exploitation grants an attacker full administrative control over the network device. This could lead to severe consequences, including eavesdropping on network traffic, redirecting data to malicious sites, launching further attacks against the internal network, installing persistent malware, or incorporating the device into a botnet. The compromise of a core network device can result in significant data breaches, service disruptions, and reputational damage.

Immediate Action: Organizations must immediately apply the security updates provided by the vendor. The primary remediation is to update all affected Shenzhen Tuoshi products to the latest patched version, which is expected to remove or allow for the modification of the hard-coded credentials. After patching, verify that the hidden account is no longer accessible.

Proactive Monitoring: Security teams should actively monitor for any signs of compromise. This includes reviewing SSH access logs for successful or attempted logins using the root account, especially from untrusted or external IP addresses. Monitor network traffic for unusual patterns originating from these devices, such as connections to known malicious command-and-control (C2) servers.

Compensating Controls: If patching cannot be performed immediately, implement network-level controls as a temporary mitigation. Use a firewall or Access Control Lists (ACLs) to block all inbound access to the SSH port (TCP/22) from the internet and other untrusted network segments. If remote administration is required, restrict SSH access to a dedicated, secure management network or a whitelist of trusted IP addresses.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the trivial nature of exploitation, this vulnerability requires immediate attention. All organizations using affected Shenzhen Tuoshi products should prioritize the deployment of the vendor-supplied patch without delay. If patching is not immediately feasible, the compensating controls outlined above must be implemented as an emergency measure to reduce the attack surface. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion, and organizations should treat it with the urgency of a known exploited vulnerability.