Researchers have uncovered yet another issue and potential backdoor in Advantech s beleaguered EKI-1322 serial device server. The Dropbear SSH daemon associated with the server, because of heavy modifications, fails to enforce authentication. This makes it so any user who wants to bypass authentication can do so with a public key and password. The firm claims it is unclear whether the backdoor is reachable on a production device by an unauthenticated attacker. The EKI series of products are Modbus gateways which connect serial devices to TCP/IP networks.
Source: https://threatpost.com/advantech-eki-vulnerable-to-bypass-possible-backdoor/115900/