Thursday, March 28, 2024

RCE Vulnerability Over 1 Million Fiber Router Allows Attacker to Bypass all Authentication in Entire Network

Update: Now VPN Mentor has been released a user-friendly patch for affected users who can provide their WebUI URL of the router and run the script that will perform further patch operation.

Critical Remote code execution vulnerability discovered in Fiber based GPON home router allows attack could compromise the entire network and bypass all authentication.

GPON is one of the widely used internet and the highest speed, longest life, lowest cost network infrastructure available in the market. Offering a genuine future‐proof access network with flexibility and upgrade capability well into the future.

This vulnerability can be exploited by just modifying the URL in the browser’s address bar and this bug allows let anyone bypass the router’s login page.

There is 2 critical vulnerability involved in this flaw and those combined 2 (CVE-2018-10561 & CVE-2018-10562) vulnerabilities allow attacker could take over and gain complete control the device and the network.

  • CVE-2018-10561 –a way to bypass all authentication on the devices
  • (CVE-2018-10562- command injection vulnerability to execute commands on the device

Mainly this flaw exploits the authentication mechanism using first vulnerability which leads to attack bypass all the authentication.

Bypass Router Using Simple Trick

Primary flaw found in HTTP servers that usually check the specific path when performing the authentication process which allows bypassing authentication on any endpoint system with a simple trick.

An attack can bypass the endpoint by just adding  ?images/ to the URL which works on both HTML pages and GponForm/.

/menu.html?images/
or
/GponForm/diag_FORM?images/
According to vpnmentor, While looking through the device functionalities, we noticed the diagnostic endpoint contained the ping and traceroute commands. It didn’t take much to figure out that the commands can be injected by the host parameter.
Since the router saves ping results in /tmp and transmits it to the user when the user revisits /diag.html, it’s quite simple to execute commands and retrieve their output with the authentication bypass vulnerability.

you can see the video that demonstrates the exploitation of the critical RCE flaw.

Researchers have tested many of the GPON routers and they find the same flaw in so many routers.

Also, they search in shodan to find the number GPON devices that is using in wide that show more than one million routers are actively working around the world.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles