Critical Flaws in Airplanes WiFi Access Point Let Attackers Gain Root Access

Two critical vulnerabilities have been found recently in the wireless LAN devices of Contec. These critical vulnerabilities were discovered by the cybersecurity analysts, Samy Younsi and Thomas Knudsen of Necrum Security Lab.

There are two models of the FLEXLAN FXA2000 and FXA3000 series from CONTEC which are primarily used in airplane installations as WiFi access points.

As a result, these devices offer extremely high-speed connectivity during flight trips for the following purposes:-

• Movies
• Musics
• Buy foods
• Buy goodies

Affected Products

Here below we have mentioned all the products that are affected:-

• All Contec FLEXLAN FXA3000 Series devices from version 1.15.00 and under.

• All Contec FLEXLAN FXA2000 Series devices from version 1.38.00 and under.

Vulnerabilities

The following are the two critical vulnerabilities that are highlighted below:-

• CVE-2022-36158: Hidden system command web page.
• CVE-2022-36159: Use of weak Hard-coded Cryptographic Keys and backdoor account.

An adversary can exploit these vulnerabilities to compromise all types of inflight entertainment systems, and also other aspects of the system.

While performing the reverse engineering of the firmware for the first vulnerability (CVE-2022–36158), researchers discovered the first vulnerability.

CVE-2022-36159 is the second vulnerability which involves the use of the following two elements:-

• Weak cryptographic keys
• Backdoor accounts

The CVE-2022–36158 vulnerability can be traced to a hidden page in WiFi LAN Manager, and it was not displayed as part of the dashboard interface.

The aim of this page is to make it easier for the user to execute Linux commands that have root privileges on the device. 

Once access to all the data on the device had been gained, the threat actors had the ability to open the telnet port in order to gain full control over it.

Recommendation

Here below we have mentioned the remedies for these two vulnerabilities:-

• CVE-2022–36158 Remedy

Since the default password for the hidden engineering web page is extremely weak, it needs to be removed from the devices that are in production. Through this website, an attacker could very easily be able to inject a backdoor onto the device as it has a very weak default password.

• CVE-2022-36159 Remedy

For each device, a unique password needs to be generated. The passwords for each device must be generated randomly throughout the manufacturing process, and each password must be unique.

Download Free SWG – Secure Web Filtering – E-book