Our security analysis has uncovered multiple vulnerabilities in the LB-link BL-W1210M router. The identified vulnerabilities present risks of security protocol circumvention and unauthorized retrieval of sensitive data by local entities.
The router variant impacted is the LB-link BL-W1210M, with the firmware iteration V1.0.0 / Open-MATCH-V1.02 / V1.2.8.
1. Password Policy Bypass / Inconsistent Password Policy (CVE-2024-33373)
Description: An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.
Impact: The LB-LINK BL-W1210M router’s security vulnerability due to weak password protocols could lead to unauthorized access and data compromise.
Mitigation: If possible, upgrade to the latest firmware version.
POC: The LB-link BL-W1210M router’s weak authentication, allowing Base64 credential cracking, poses a serious security risk.
2. Incorrect Access Control (CVE-2024-33374)
Description: Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication
Impact: The LB-LINK BL-W1210M router has a critical security flaw that could be exploited with direct access, potentially leading to data breaches. Immediate remediation is advised.
Mitigation: If possible, upgrade to the latest firmware version.
POC: Our test device provided the following log output during boot after hitting the Enter key:
3. Credentials Stored in Cleartext / Unencrypted Credentials (CVE-2024-33375)
Description: LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router’s firmware.
Impact: The LB-LINK BL-W1210M router’s vulnerability involves storing credentials in plaintext, which may lead to unauthorized access and data risks. Urgent remediation is recommended.
Mitigation: If possible, upgrade to the latest firmware version.
POC: LB-LINK routers’ storage of USER1 and USER2 credentials in plaintext poses a significant security threat. Immediate measures are required to prevent unauthorized access and ensure data protection.
4. Clickjacking (CVE-2024-33377)
Description: LB-LINK BL-W1210M v2.0 was discovered to contain a “clickjacking” vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.
Impact: The LB-LINK BL-W1210M router’s vulnerability can mislead users via a transparent iframe, leading to unintended server redirection and potential security breaches.
Mitigation: If possible, upgrade to the latest firmware version.
POC: Any unauthenticated user can load the administrator log in page in an i-frame
5. Outdated JavaScript Library
Description: The web app used an outdated Axios library (v0.21.0) with vulnerabilities, including Inefficient Regular Expression Complexity and Server-Side Request Forgery (SSRF) risks (CVE-2021-3749 and CVE-2020-28168).
Impact: Several CVEs were found in the Outdated Axios JavaScript library used in the web application.
Mitigation: If possible, upgrade to the latest firmware version.
POC: The Axios JavaScript library version is outdated.
6. HTTP-Only Flag not set on Cookies
Description: The HTTP-Only Flag not being set on the “sysauth” cookie vulnerability in the LB-LINK BL W1210M router exposes users to the risk of session hijacking and unauthorized access to their accounts. The web application does not set the HTTP-only flag on the “sysauth” cookie.
The HTTP Only flag is a security measure that instructs web browsers to prevent client-side scripts (e.g., JavaScript) from accessing the cookie via the “document.cookie” property. When this flag is not set, the cookie becomes vulnerable to script injection attacks, allowing malicious scripts to read and exfiltrate sensitive information stored in the cookies.
Impact: The LB-LINK BL-W1210M router vulnerability allows an attacker to use malicious scripts to steal cookies that do not have the HTTP-Only Flag set, compromising the confidentiality and integrity of user accounts.
Mitigation: If possible, upgrade to the latest firmware version.
POC: The HTTP-Only flag is not being set on the authentication cookies in the web application after an administrator logs in:
Redfox Security is a diverse network of expert security consultants with a global mindset and a collaborative culture. If you are looking to improve your organization’s security posture, contact us today to discuss your security testing needs. Our team of security professionals can help you identify vulnerabilities and weaknesses in your systems and provide recommendations to remediate them.
Join us on our journey of growth and development by signing up for our comprehensive courses.
Redfox Cyber Security Inc.
8 The Green, Ste. A, Dover,
Delaware 19901,
United States.
info@redfoxsec.com
©️2024 Redfox Cyber Security Inc. All rights reserved.
