A serious security vulnerability has been uncovered in Arcadyan routers, stemming from the unexpected presence of Wi-Fi Alliance’s testing software in production devices.
Security researchers have identified a command injection flaw (CVE-2024-41992) that could allow attackers to gain complete control over affected routers.
Vulnerability Details
The problem is with the Wi-Fi Test Suite, a tool that the Wi-Fi Alliance developed for certification testing. This software, never intended for production use, was found deployed on commercial Arcadyan router models, specifically the FMIMG51AX000J.
According to security experts, successful exploitation of this vulnerability could have severe consequences:
- Complete administrative control over affected routers
- Ability to modify system configurations
- Potential disruption of network services
- Possible compromise of network data
- Risk of service outages for connected users
Security researchers have found that the Wi-Fi Test Suite, a development tool created by the Wi-Fi Alliance for certification testing, was unexpectedly present on commercial Arcadyan router models, specifically the FMIMG51AX000J.
The issue lies in the tool’s susceptibility to command injection attacks. Attackers can exploit the vulnerability and gain complete control over the devices by sending specially crafted packets to the affected routers.
The Wi-Fi Test Suite listens on TCP ports 8000 and 8080, accepting TLV (Type-Length-Value) packets. Researchers discovered that by manipulating these packets, they could inject malicious commands and achieve remote code execution.
The vulnerability enables unauthorized local attackers to execute commands with root privileges by sending specially crafted network packets to affected devices.
Successful exploitation of this vulnerability grants attackers full administrative access to the affected routers. With this level of control, attackers can modify system configurations, disrupt network services, and potentially compromise the security of all connected devices and users.
Researchers discovered alternatives to overcome the short input length that some functions accepted during initial attempts to exploit the vulnerability.
By targeting functions that accept larger inputs, such as the “wfaTGSendPing” function, attackers can inject more complex commands and achieve their malicious goals.
Noam Rathaus from SSD Disclosure made the initial discovery, and Timur Snoke at CERT/CC documented it
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here
Recommended Fixes
CERT/CC has issued clear recommendations for addressing this security concern:
- Vendors should immediately update the Wi-Fi Test Suite to version 9.0 or later
- Alternatively, the test suite should be completely removed from production devices
- Network administrators should assess their devices for the presence of this vulnerability
This incident highlights the importance of proper security practices in production environments and the risks of leaving testing tools in deployed devices.
Network administrators and users of Arcadyan routers are urged to check their devices and implement the recommended solutions as soon as possible.
The National Cybersecurity Agency of France (ANSSI) has coordinated this vulnerability with Bouygues Telecom and confirmed that they have deployed a fix on all of their equipment.
Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo