CVE-2023-0896: Lenovo Smart Clock Essential’s SSH Hard-Coded Password Vulnerability

Smart home devices have become increasingly popular, offering users unprecedented convenience and control over their home environments. One such device is the Lenovo Smart Clock Essential, which comes with Amazon Alexa support. However, even these devices are not immune to security vulnerabilities. Recently, Cisco Talos researchers discovered a critical vulnerability (CVE-2023-0896) in the Lenovo Smart Clock Essential, which could allow an attacker to take complete control of the device if they have access to the same network.

Image: Lenovo

Understanding CVE-2023-0896: The SSH Hard-Coded Password Vulnerability

CVE-2023-0896, with a CVSS score of 9.8, is a hard-coded password vulnerability found in the SSH and telnet functionality of the Lenovo Smart Clock Essential (version 4.9.113). The vulnerability exists because the smart clock does not change its hardcoded credentials once it’s set up and connected to the network. The default username and password are “root” and “123456,” respectively. These hardcoded credentials are weak, easily guessed, or cracked, even using low-end hardware and a basic dictionary attack.

An attacker can exploit this vulnerability by crafting a specific command line argument, allowing them to gain full control of the device using SSH or telnet, provided they already have network access.

Mitigating the Risks of CVE-2023-0896

To protect your Lenovo Smart Clock Essential from this vulnerability, follow these steps:

  1. Update your device: Cisco Talos worked closely with Lenovo to address this issue, resulting in a software update for affected users. Update your Lenovo Smart Clock Essential to software version 90 or later, as recommended by Lenovo. This update resolves the vulnerability and secures your device.
  2. Monitor network access: Be cautious of who has access to your network. Limiting access to only trusted users reduces the risk of unauthorized individuals exploiting vulnerabilities like CVE-2023-0896.