Comment by Fabricio20

10 hours ago

Oh this is amazing! I have a few of their cube routers sitting around and I always hated how app-locked their firmware was when it really is just a wifi repeater with a few extras (mesh) on top. Root access will do wonders to bypassing the app now (and also disabling their ping-for-green-light mechanism which spams the network with a constant dns resolution to microsoft.com lol).

Also honest take this looks less like a "backdoor" (implies malicious - this is a link to a CVE after all) and more like a developer access credential/default credential that was burned into the firmware (i'd imagine the code remains but on a production run they randomize the key so its non-guessable but then you get lazy and dont run that extra step and this slips in/you burn the bare firmware with no production configs).

why would a consumer device need a randomized password?

  • Maybe so when you factory reset the device that it sets the admin to something you can maybe read off the label? At least that way the random attacker needs physical access to your space.

Yes, it is randomized but due to a quirk in the universal probability waveform it always randomizes to 'rzadmin'. Scientists are baffled.