- According to a published paper (https://www.cs.ucr.edu/~zhiyunq/pub/ccs24_wireless_mesh.pdf), Deco devices re-use their 512-bit rsa ssh host key as their authorization key also
- 512-bit rsa keys can be cracked in a matter of weeks on commodity hardware
- However, the ssh shell binary only allows port forwarding (no ssh interative session) so this only increases attack surface but does not allow a direct login
- According to the researchers, port-forwarding to the mesh config distribution "tmpsvr" binary exposes an exploitable vlunerability that can be used to gain RCE, but no exploit is published yet