Threat actors are exploiting a vulnerability in Orange's LiveBox ADSL modems. Adversaries could obtain the router's WiFi password by sending a simple, specially crafted request to the devices. The password was returned in plain text.
The flaw, identified as CVE-2018-20377, has been known since at least 2012, when Rick Murray described it in an article on his blog.
Researchers at Bad Packets observed a scan targeting a honeypot. A more detailed investigation revealed that the routers were leaking the password used to access the local network.
“On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi. Upon further investigation, we found this traffic was targeting Orange Livebox ADSL modems.” reads the analysis published by the experts.
“A flaw exists in these modems that allows remote unauthenticated users to obtain the device’s SSID and WiFi password.”
“This allows any remote user to easily access the device and maliciously modify the device settings or firmware. In addition, they can obtain the phone number tied to the modem and conduct other serious exploits detailed in this GitHub repository.” continues the analysis.
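The scan described in the quotes above can be looked for in your own web server, reverse proxy or honeypot logs. The following is an added example, not code from Bad Packets or from the original article; it assumes Common/Combined Log Format, and the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path taken from the Bad Packets quote above.
PROBE_PATH = "/get_getnetworkconf.cgi"

# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def normalise(target):
    """Drop query/fragment, decode percent-escapes, collapse repeated slashes.
    Lower-casing is an assumption made so that case variants are not missed."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_probes(lines):
    """Return {source_ip: [(timestamp, status), ...]} for requests to PROBE_PATH."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        if normalise(m["target"]) == PROBE_PATH:
            hits.setdefault(m["ip"], []).append((m["ts"], int(m["status"])))
    return hits

def answered(hits):
    """Source IPs that received a 200, i.e. the endpoint exists and replied."""
    return sorted(ip for ip, evs in hits.items() if any(s == 200 for _, s in evs))

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE = [
    '203.0.113.7 - - [21/Dec/2018:10:02:11 +0000] "GET /get_getnetworkconf.cgi HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [21/Dec/2018:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.23 - - [21/Dec/2018:11:40:03 +0000] "GET //GET_getnetworkconf.cgi?x=1 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.23 - - [21/Dec/2018:11:40:09 +0000] "GET /%67et_getnetworkconf.cgi HTTP/1.1" 404 0 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    found = find_probes(SAMPLE)
    for ip, events in found.items():
        print(ip, events)
    print("served with 200:", answered(found))
```

A 200 response to this path on an Internet-facing interface means the device answered the probe and should be treated as having disclosed its SSID and WiFi password.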
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec. Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.