VU#123336: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

Overview
A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the Wi-Fi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers.
Description
The Wi-Fi Test Suite, as described by its developer, was originally created by the Wi-Fi Alliance—a global non-profit industry association responsible for Wi-Fi standards—to support the development of certification programs and device certification. This software was not designed for use in production environments. However, it has been discovered in commercial router deployments, exposing a vulnerability in the test code to production use. The Wi-Fi Test Suite contains code that is susceptible to command injection attacks. An attacker can exploit this vulnerability by sending specially crafted packets to a device running the Wi-Fi Test Suite, allowing them to execute commands with administrative (root) privileges.
CVE-2024-41992
It is possible for an unauthenticated local attacker to use specially crafted packets to execute commands as root.
Impact
An attacker who successfully exploits this vulnerability can gain full administrative control over the affected device. With this access, the attacker can modify system settings, disrupt critical network services, or reset the device entirely. These actions can result in service interruptions, compromise of network data, and potential loss of service for all users dependent on the affected network.
Solution
The CERT/CC recommends that vendors who have included the Wi-Fi Test Suite update it to version 9.0 or later, or remove it entirely from production devices, to reduce the risk of exploitation.
Acknowledgements
Thanks to the reporter Noam Rathaus from SSD Disclosure. This document was written by Timur Snoke.

VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server

Overview
A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remote code execution.
Description
The DHCP implementation in ASF fails to validate input, thereby creating conditions for a stack-based overflow. The software is no longer supported by the vendor. Because this vulnerability is in IoT-centric code, it is likely to surface in many places in the wild.
CVE-2024-7490
There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution.
Impact
This vulnerability can be tested by sending a single DHCP Request packet to a multicast address. This vulnerability exists in the current version of ASF, 3.52.0.2574, and all previous versions of the software. There are also multiple forks of the tinydhcp software on GitHub that are potentially susceptible to this vulnerability.
Solution
The CERT/CC is currently unaware of a practical solution to this problem other than replacing the tinydhcp service with another one that does not have the same issue.
Acknowledgements
Thanks to the reporter Andrue Coombes of Amazon Element55. This document was written by Timur Snoke.