Critical Home, Business Router Vulnerability Exploited


Router vulnerabilities, in both industrial and consumer units, have long been a preferred entry point for attackers.

Researchers have published alerts on two more router vulnerabilities being exploited in the wild: one in the Tenda AC23 home networking device and one in the USR USR-G806 industrial router.

The manufacturers had already issued patch alerts for both vulnerabilities, and both were rated critical by the reporting database.

The Tenda router vulnerability and the bug in the USR-G806 router highlight the need to patch network-connectivity software both at home and in business.

Details about the Tenda router vulnerability

CVE-2023-2649 in Tenda AC23 16.03.07.45_cn was declared a critical vulnerability with a CVSS base score of 8.8. Note that 8.8 falls in the High band of the CVSS v3.x qualitative scale, so the "critical" label reflects the reporting database's own rating rather than the CVSS score alone.

“The vulnerability is in /bin/ate, we can send msg to it through port 7329. An authenticated attacker can start this port via httpd,” a GitHub report read.

Attackers can use the Tenda router vulnerability for remote command injection on devices whose firmware has not been updated.

In a command injection, input that the device splices into a system command is not validated, so shell metacharacters such as a semicolon let an attacker append commands of their own. The injected commands run with the privileges of the vulnerable service, which on embedded routers is typically root, so a single request can lead to a full compromise.

Hackers may gain complete control of the device by exploiting flaws including this Tenda router vulnerability. The Tenda router vulnerability was assigned the identifier VDB-228778.
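The following is an added illustrative example, not Tenda's /bin/ate code, which the page does not show. It contrasts the classic command-injection pattern found in router management handlers (a user-supplied field spliced into a shell command string) with a hardened version that allow-lists the field and runs the program through execvp() with a fixed argv, so no shell ever parses the input. The ping use case, the function names and the sample input are assumptions made for illustration.

```c
/* Added illustrative example (not the vendor's code): a command-injection
 * pattern typical of router management handlers, next to a hardened version.
 * The ping use case, names and sample input are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE: the attacker-controlled field is spliced into a shell command.
 * An input such as "8.8.8.8; cat /etc/passwd" runs a second command once the
 * string reaches system() or popen(). Returns 0 on success, -1 if it did not
 * fit; the built command is left in out. */
int build_ping_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allow-list: hostnames and dotted addresses only (letters, digits, '.', '-'),
 * 1..253 characters, and no leading '-' so ping cannot read it as an option. */
int is_safe_host(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 253 || s[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Does a built command string carry shell metacharacters? Returns 1/0. */
int has_shell_meta(const char *cmd)
{
    return strpbrk(cmd, ";|&`$(){}<>\n\\'\"") != NULL;
}

/* Build with the vulnerable builder and report whether the result carries
 * shell metacharacters (1) or not (0); -1 if the command did not fit. */
int vulnerable_passes_meta(const char *host)
{
    char cmd[512];
    if (build_ping_cmd_vulnerable(host, cmd, sizeof cmd) != 0) return -1;
    return has_shell_meta(cmd);
}

/* HARDENED: validate against the allow-list, then run ping via execvp() with
 * a fixed argv so the input is only ever one argument, never shell syntax.
 * Returns ping's exit status, -1 on validation failure, -2 on exec failure. */
int run_ping_hardened(const char *host)
{
    if (!is_safe_host(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execvp("ping", argv);
        _exit(127);            /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -2;
}

int main(void)
{
    /* Constructed attacker input for the demonstration. */
    const char *evil = "8.8.8.8; cat /etc/passwd";
    char cmd[256];
    build_ping_cmd_vulnerable(evil, cmd, sizeof cmd);
    printf("vulnerable builder produced: %s\n", cmd);
    printf("shell metacharacters present: %d\n", has_shell_meta(cmd));
    printf("hardened path accepts evil input: %d\n", is_safe_host(evil));
    printf("hardened path accepts 8.8.8.8: %d\n", is_safe_host("8.8.8.8"));
    return 0;
}
```

The allow-list is the real fix; the execvp() step is defence in depth, because even a value that slipped past validation would arrive at ping as a single argument rather than being interpreted by /bin/sh.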

Details about another router vulnerability

A second router vulnerability, in USR USR-G806 firmware 1.0.41, lies in an unspecified function of the web management component and is also exploitable remotely.

CVE-2023-2645 was rated critical with a CVSS base score of 9.8. Supplying the input root for the username/password argument of the web management login triggers use of a password hard-coded in the firmware, so anyone who can reach the interface can log in without knowing a per-device secret.

A hard-coded password is one embedded in the firmware itself: it is the same on every unit, cannot be changed by the owner, and is recoverable by anyone who extracts the firmware image, so it amounts to a built-in backdoor for unauthorized access.

Router Vulnerability (Photo: GitHub)

A GitHub report about the USR vulnerability stated that affected systems shipped with both a root default password and an admin default password.

"After querying, web management default password, incomplete statistics, and searching fofa keyword app+"USR-G806" 28,000 related devices were found," the GitHub report said.

The vulnerability in USR-G806 firmware V1.0.41 was assigned the identifier VDB-228774.

Researchers also found that the device exposed its Telnet login service by default, and that the default password was weak, as the screenshot below shows:

Router Vulnerability: device open to the Telnet service by default (Photo: GitHub)

Over 8,000 internet-facing instances of this device model were found with Telnet exposed.

Router vulnerability exploited in the past

Attackers have also planted malicious firmware on TP-Link routers to attack European foreign affairs organizations. The threat group tracked as Camaro Dragon targeted these organizations through internet-facing network devices.

The implant reported the infected router's username, system name, OS version and CPU architecture to its operators. Researchers found two modified TP-Link router firmware images, both built for the TP-Link WR940N model.

Tenda router vulnerability and RouterSploit

RouterSploit is an open-source exploitation framework for embedded devices, routers included. Because router exploitation is one of the easiest ways to gain unauthorized access to a network, such tools exist to automate it.

Its exploit modules target known flaws in a router's management interface, which can hand an attacker administrative control without ever supplying the admin password. From that position the attacker can monitor the network, inject malware into connected hosts and stage spear-phishing attacks.

Espionage is a major concern with IoT and router vulnerability exploitation. RouterSploit also ships modules aimed at IP cameras and other embedded devices, extending the reach of a compromise beyond the router itself.

A compromised router also undercuts protections such as VPN tunnels: it sits in the path of all of the network's traffic and can inspect or redirect it, while its own connections to command and control servers blend in with ordinary outbound traffic.

Networks of infected routers have also been sold on the black market for use in credit card fraud and for launching DDoS attacks.
