Security researchers at Bad Packets have found a vulnerability that causes nearly 19,500 Orange Livebox ADSL modems to leak their Wi-Fi credentials.
Troy Mursch, co-founder of Bad Packets LLC, says in the post:
“Our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi. Upon further investigation, we found this traffic was targeting Orange Livebox ADSL modems. A flaw exists in these modems that allows remote unauthenticated users to obtain the device’s SSID and WiFi password.
Of the 30,063 IPv4 hosts found, our scans revealed:
- 19,490 leaking their WiFi credentials (SSID/password) in plaintext
- 2,018 not leaking any information, but still exposed to the internet
- 8,391 not responding to our scans
Many of the devices found to be leaking their WiFi password use the same password to administer the device (password reuse) or have not configured any custom password – so the factory default “admin/admin” credentials are still applied.
This allows any remote user to easily access the device and maliciously modify the device settings or firmware.”
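As an added example (not from the Bad Packets post or this article), the Python below searches web-server or honeypot access logs for the GET request quoted above and counts, per source address, how many probes were seen and how many were answered with a non-empty 200 response. The combined log format, the case-insensitive path matching and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the Bad Packets post; matched case-insensitively (assumption).
TARGET = "/get_getnetworkconf.cgi"

# Common/combined access-log format (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(uri):
    """Drop the query string, percent-decode, collapse repeated slashes, lowercase."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_probes(lines):
    """Return {source_ip: {"probes": n, "answered": n}} for requests to TARGET."""
    hits = defaultdict(lambda: {"probes": 0, "answered": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["uri"]) != TARGET:
            continue
        rec = hits[m["ip"]]
        rec["probes"] += 1
        # A 200 with a non-empty body means something actually served the request.
        if m["status"] == "200" and m["size"] not in ("-", "0"):
            rec["answered"] += 1
    return dict(hits)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2019:10:01:02 +0000] "GET /get_getnetworkconf.cgi HTTP/1.1" 404 162',
    '198.51.100.7 - - [01/Jan/2019:10:01:09 +0000] "GET //GET_getnetworkconf.cgi?x=1 HTTP/1.1" 200 48',
    '203.0.113.20 - - [01/Jan/2019:10:02:00 +0000] "GET /%67et_getnetworkconf.cgi HTTP/1.1" 200 0',
    '203.0.113.99 - - [01/Jan/2019:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, rec in find_probes(SAMPLE).items():
        print(ip, rec)
```

An "answered" count above zero on logs taken from in front of a Livebox is the case to investigate first, since it means the request reached something that replied with content.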
The attacker is exploiting a vulnerability affecting Orange LiveBox devices (CVE-2018-20377) that was first used in 2012.
The researchers described the LiveBox zero-day on GitHub in the following terms:
- CWE-359: Exposure of Private Information (‘Privacy Violation’).
- CWE-200: Information Exposure: Unauthenticated configuration information leak.
- CWE-352: Cross-Site Request Forgery (CSRF): The web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Allows an attacker to manipulate all configuration parameters.
- CWE-912: Hidden Functionality: The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software’s users or administrators.
It is not the first time that routers have been found to leak credentials. In September 2018, Bad Packets found that 200,000+ MikroTik routers worldwide had been compromised to inject cryptojacking malware.