A critical security flaw has been disclosed in Arcadyan routers, stemming from the unexpected presence of the Wi-Fi Alliance’s test software in production devices.
Security researchers have identified a command injection vulnerability (CVE-2024-41992) that could allow attackers to take full control of affected routers.
Details of Vulnerability
The issue lies in the Wi-Fi Testing Tool, a utility developed by the Wi-Fi Alliance for certification testing. The tool was not designed for production use, yet it was found on commercial Arcadyan router models, specifically the FMIMG51AX000J.
According to security researchers, successful exploitation of this flaw could have serious consequences:
- Full administrative control over affected routers
- The ability to alter system configurations
- Potential disruption of network services
- Possible exposure of network data
- The risk of service outages for connected users
Security researchers found that the Wi-Fi Testing Tool, a development utility built by the Wi-Fi Alliance for certification testing, was unexpectedly present on commercial Arcadyan router models, specifically the FMIMG51AX000J.
The vulnerability is that the tool is susceptible to command injection. Attackers can exploit this weakness and take complete control of the devices by sending specially crafted packets to the affected routers.
The Wi-Fi Testing Tool listens on TCP ports 8000 and 8080 and accepts TLV (Type-Length-Value) packets. Researchers found that by manipulating these packets, they could inject malicious commands and achieve remote code execution.
The flaw allows unauthorized local attackers to execute commands with root privileges by sending specially crafted network packets to affected devices.
Successful exploitation gives attackers full administrative access to the affected routers. With this level of control, they can alter system configurations, disrupt network services, and potentially compromise the security of all connected devices and users.
During their initial attempts to exploit the vulnerability, researchers found ways to work around the limited input length that certain functions accept.
By targeting functions that accept longer inputs, such as the “wfaTGSendPing” function, attackers can inject more complex commands and achieve their malicious objectives.
Noam Rathaus from SSD Disclosure made the initial discovery, and Timur Snoke at CERT/CC documented it.
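As an added illustration (not code from the researchers, CERT/CC or the Wi-Fi Alliance), the following Python sketch shows how a network monitor could inspect TLV payloads seen on TCP ports 8000 and 8080 and flag records that are malformed or carry shell metacharacters. The 2-byte type and 2-byte length little-endian header, the length bound and the sample type numbers are assumptions, since the article does not give the field layout.

```python
import struct

# Assumed framing (not stated in the article): 2-byte type, 2-byte length,
# little-endian, followed by `length` bytes of value.
HEADER = struct.Struct("<HH")
# Bytes that are meaningful to a shell and unexpected in a test parameter.
SHELL_META = set(b";|&`$<>\n\r\\'\"(){}")
MAX_VALUE_LEN = 1024  # assumed sanity bound for this sketch


def parse_tlvs(payload: bytes):
    """Yield (type, value) records; raise ValueError on malformed framing."""
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        tlv_type, length = HEADER.unpack_from(payload, offset)
        offset += HEADER.size
        if length > MAX_VALUE_LEN or length > len(payload) - offset:
            raise ValueError(f"bad length {length} for type {tlv_type:#06x}")
        yield tlv_type, payload[offset:offset + length]
        offset += length


def inspect(payload: bytes):
    """Return a list of findings for one TCP payload; empty means clean."""
    findings = []
    try:
        for tlv_type, value in parse_tlvs(payload):
            hits = sorted({chr(b) for b in value if b in SHELL_META})
            if hits:
                findings.append((tlv_type, "shell metacharacters", hits))
    except ValueError as exc:
        findings.append((None, "malformed TLV", str(exc)))
    return findings


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one record (used only to construct the sample inputs below)."""
    return HEADER.pack(tlv_type, len(value)) + value


# Constructed samples; the type numbers are placeholders, not real tool commands.
BENIGN = tlv(0x0001, b"192.168.1.10") + tlv(0x0002, b"eth0")
SUSPICIOUS = tlv(0x0001, b"192.168.1.10;id")
TRUNCATED = HEADER.pack(0x0001, 64) + b"short"
```

Values that carry binary structures rather than text will trip the character check, so in practice it belongs only on fields known to hold strings.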
Suggested Resolutions
CERT/CC has issued clear guidance for addressing this security risk:
- Vendors should promptly upgrade the Wi-Fi Testing Tool to version 9.0 or higher
- Alternatively, the testing tool should be removed entirely from production devices
- Network administrators should evaluate their devices for the presence of this vulnerability
This incident underscores the importance of proper security practices in production environments and the risks of leaving testing utilities on deployed devices.
Network administrators and users of Arcadyan routers are urged to check their devices and apply the recommended fixes promptly.
The National Cybersecurity Agency of France (ANSSI) has coordinated this vulnerability with Bouygues Telecom and verified that they have deployed a fix on all their equipment.
The post Wi-Fi Testing Tool Command Injection Vulnerability Uncovered in Arcadyan Routers was first published on Cyber Security News.