Monday, May 12, 2025

Critical Flaws in Airplanes WiFi Access Point Let Attackers Gain Root Access


Two critical vulnerabilities have recently been found in Contec's wireless LAN devices. They were discovered by cybersecurity analysts Samy Younsi and Thomas Knudsen of Necrum Security Lab.

The affected devices are the FLEXLAN FXA2000 and FXA3000 series from CONTEC, which are primarily used in airplane installations as WiFi access points.

These devices offer extremely high-speed connectivity during flights for the following purposes:

  • Movies
  • Music
  • Buying food
  • Buying goodies

Affected Products

The following products are affected:

  • All Contec FLEXLAN FXA3000 Series devices, version 1.15.00 and earlier.
  • All Contec FLEXLAN FXA2000 Series devices, version 1.38.00 and earlier.

Vulnerabilities

The two critical vulnerabilities are tracked as CVE-2022-36158 and CVE-2022-36159.

An adversary can exploit these vulnerabilities to compromise all types of inflight entertainment systems, as well as other aspects of the system.

Researchers discovered the first vulnerability (CVE-2022-36158) while reverse engineering the firmware.

CVE-2022-36159 is the second vulnerability, which involves the use of the following two elements:

  • Weak cryptographic keys
  • Backdoor accounts

CVE-2022-36158 can be traced to a hidden page in WiFi LAN Manager that is not displayed as part of the dashboard interface.

The aim of this page is to make it easier for the user to execute Linux commands with root privileges on the device.

With access to all the data on the device, a threat actor can open the telnet port in order to gain full control over it.

Recommendation

The remedies for these two vulnerabilities are as follows:

  • CVE-2022-36158 Remedy

The hidden engineering web page needs to be removed from devices that are in production, since its default password is extremely weak. Through this page, an attacker could very easily inject a backdoor onto the device.

  • CVE-2022-36159 Remedy

A unique password needs to be generated for each device. The passwords must be generated randomly during the manufacturing process, and each password must be unique.
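The CVE-2022-36159 remedy above, sketched as a manufacturing-time provisioning step. This is an added example, not code from Contec or from the researchers; the serial numbers, record layout, password length and PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed policy values for this example (not from the vendor or the advisory).
PASSWORD_BYTES = 18      # 144 bits of entropy from the OS CSPRNG
PBKDF2_ROUNDS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def make_record(serial, password):
    """Build the salted-hash record stored on the device; never the plaintext."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"serial": serial, "salt": salt.hex(), "hash": digest.hex()}


def verify(record, candidate):
    """Constant-time check of a candidate password against a stored record."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(record["salt"]), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def provision_batch(serials):
    """Generate one random password per device for a production run.

    Returns (plaintext passwords keyed by serial, records to flash).
    Fails closed on a duplicate serial or a repeated password.
    """
    if len(set(serials)) != len(serials):
        raise ValueError("duplicate serial number in batch")
    passwords, records = {}, []
    for serial in serials:
        pw = secrets.token_urlsafe(PASSWORD_BYTES)
        if pw in passwords.values():
            raise RuntimeError("password collision, aborting run")
        passwords[serial] = pw
        records.append(make_record(serial, pw))
    return passwords, records


def accepts_default(records, known_defaults):
    """Audit step: serials whose record still accepts a known shared default."""
    return [r["serial"] for r in records
            if any(verify(r, pw) for pw in known_defaults)]
```

The audit function can be run over records pulled from a fleet to confirm that no unit still accepts a password shared across devices.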


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
