Maya pulled the binary off the flash drive. She disassembled the handshake. Usually, SSH1 used a fixed 8-byte random cookie. Version 1.25 used a 32-byte payload. It wasn't an exploit. It was a trigger .
If you sent that specific malformed handshake, the router erased the running config, loaded the original manufacturer’s backup, and set the password to cisco123 . cisco ssh 1.25 vulnerabilities
“It’s a skeleton key,” Maya said. “And it’s been in the wild for 1,825 days.” Maya pulled the binary off the flash drive
They were redirecting traffic.