Thermo Fisher Ion Torrent OneTouch 2, Weak Default Credentials, CVE-2025-53963 (Critical)


CVE-2025-53963 is a weak default credential flaw in the security configuration of the Thermo Fisher Ion Torrent OneTouch 2 (INS1005527) device. The device runs an SSH server accessible on the default TCP port 22. The root account for this service is configured with a weak, hardcoded default password: ‘ionadmin’. Critically, the system does not enforce a password change policy for this privileged account, which creates a static backdoor.

An attacker with network connectivity to the device can perform a straightforward credential-based attack. They first identify the device on the network, often through service scanning for open port 22, and then initiate an SSH connection. Authenticating with the username ‘root’ and the password ‘ionadmin’ succeeds and grants an interactive root shell on the system. The attacker therefore achieves immediate and complete (root-level) code execution without needing to exploit any software flaw.

The compromise provides full control over the device’s operating system and applications, which allows for data theft, system manipulation, or use as a network pivot point. The risk is exacerbated because the affected products are no longer supported by the maintainer, leaving no official path for a security update to rectify this configuration flaw.
Platform: Thermo Fisher Ion Torrent OneTouch 2
Version: INS1005527
Vulnerability: Weak Default Credentials
Severity: Critical
Date: 2025-12-04

Prediction: No patch expected

What Undercode Say:

Analytics:

nmap -p 22 192.168.1.0/24
hydra -l root -P passwords.txt ssh://192.168.1.100
ssh root@192.168.1.100
Enter password: ionadmin
whoami
Output: root

How Exploit:

Attack Vector: Network-accessible SSH service with default credentials.

Prerequisites: Attacker needs network access to port 22/TCP of the target device.
Steps: 1. Discover device via port scan. 2. Attempt SSH login as ‘root’ with password ‘ionadmin’. 3. Execute arbitrary commands with root privileges.

Protection from this CVE

Change root password.

Disable SSH if unused.

Implement network segmentation.
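
Because no vendor fix is expected, monitoring has to confirm that the measures above are holding. The following detection sketch is an added example, not code from the advisory or from Thermo Fisher: it scans OpenSSH auth log lines for root password logins that originate outside an allowed management subnet and for repeated failed root attempts. It assumes the device's sshd messages reach a log collector in the standard OpenSSH format; the subnet, the threshold, the host name and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: only this (hypothetical) management subnet may reach the device's SSH port.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
FAIL_THRESHOLD = 3  # failed root logins from one source before password guessing is flagged

# Standard OpenSSH message: "<Accepted|Failed> password for root from <ip> port <n> ssh2"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for root "
    r"from (?P<src>[0-9a-fA-F:.]+) port \d+"
)

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
Dec  4 09:01:12 onetouch2 sshd[811]: Accepted password for root from 10.20.0.15 port 50122 ssh2
Dec  4 09:14:40 onetouch2 sshd[902]: Failed password for root from 192.168.1.77 port 41010 ssh2
Dec  4 09:14:41 onetouch2 sshd[902]: Failed password for root from 192.168.1.77 port 41012 ssh2
Dec  4 09:14:43 onetouch2 sshd[903]: Failed password for root from 192.168.1.77 port 41020 ssh2
Dec  4 09:14:44 onetouch2 sshd[905]: Accepted password for root from 192.168.1.77 port 41031 ssh2
Dec  4 09:20:02 onetouch2 sshd[950]: Failed password for invalid user admin from 192.168.1.90 port 39000 ssh2
"""

def analyze(log_text, mgmt_net=MGMT_NET, fail_threshold=FAIL_THRESHOLD):
    """Return (severity, source_ip, reason) findings for root SSH password events."""
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not a root password event
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address field, skip the line
        if m.group("result") == "Failed":
            failures[src] += 1
            if failures[src] == fail_threshold:
                findings.append(("medium", str(src), "repeated failed root password logins"))
        elif src not in mgmt_net:
            # A root shell was opened with a password from outside the allowed segment.
            reason = "root password login from outside management subnet"
            if failures[src]:
                reason += f" after {failures[src]} failures"
            findings.append(("high", str(src), reason))
    return findings

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

A "high" finding means segmentation has failed for that source and the device should be treated as compromised until the root password is confirmed changed.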

Impact

Full system compromise.

Unauthorized data access.

Network pivot point.

Sources:

Reported By: nvd.nist.gov