CVE-2018-12455 Scanner

CVE-2018-12455 Scanner - Authentication Bypass vulnerability in Intelbras NPLUG

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 15 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The Intelbras NPLUG is a network device that is commonly used among small businesses and individuals to manage and control internet access. Primarily, it is deployed in office environments and residential settings to provide a user-friendly interface for network configuration. The device runs proprietary firmware and is integrated into networks where simplicity and cost-effectiveness are priorities. As a consumer-grade device, its accessibility facilitates widespread use across a variety of simple networking setups. Its purpose is to allow users to set up routers effortlessly and manage connected devices effectively. The ease of installation and configuration makes it appealing for non-technical users.

The vulnerability in question is an Authentication Bypass, which is significant in the context of network security. This type of vulnerability allows an unauthorized user to gain access to restricted areas of a system by circumventing the standard authentication mechanisms. In this case, the vulnerability permits an attacker to set a specific cookie to bypass authentication altogether. This security flaw compromises the integrity of access controls, potentially allowing unauthorized access to sensitive configurations or data. The exploitation of such a vulnerability can lead to further attacks if not addressed, given the direct access to configuration details.

The vulnerability exists due to a flaw in the authentication mechanism: manipulating a cookie grants access without valid credentials. An unauthorized user who sets a cookie named "admin:" can bypass the standard login process. The vulnerability is specifically linked to the HTTP endpoint used for configuration management. Successful exploitation requires the attacker to send a specially crafted GET request that includes the cookie. The endpoint "cgi-bin/DownloadCfg/RouterCfm.cfg" is particularly exposed, and a response to that request with certain content types and status codes indicates a breach.
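For asset owners who keep HTTP request logs from a proxy or network sensor in front of the device, the following added example (not part of the scanner or the original page) flags GET requests to the configuration endpoint that carry a cookie whose name starts with "admin:". The JSON field names, the sample records, and the rule that a 200 response with a non-HTML content type means the file was served are assumptions, since the page does not name the exact status codes or content types.

```python
import json

ENDPOINT = "cgi-bin/DownloadCfg/RouterCfm.cfg"  # endpoint named on the page
COOKIE_PREFIX = "admin:"                        # cookie name given on the page

def cookie_names(header):
    """Names from a raw Cookie header; tolerates odd spacing and empty parts."""
    parts = (header or "").split(";")
    return [p.split("=", 1)[0].strip() for p in parts if p.strip()]

def classify(rec):
    """Return None, 'attempt' or 'config_served' for one request record."""
    path = (rec.get("path") or "").split("?", 1)[0].lstrip("/")
    if (rec.get("method") or "").upper() != "GET" or path.lower() != ENDPOINT.lower():
        return None
    if not any(n.lower().startswith(COOKIE_PREFIX) for n in cookie_names(rec.get("cookie"))):
        return None
    ctype = (rec.get("content_type") or "").split(";")[0].strip().lower()
    # Assumption: a 200 that is not an HTML login page means the file was sent.
    if rec.get("status") == 200 and ctype != "text/html":
        return "config_served"
    return "attempt"

def scan(lines):
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON log lines
        verdict = classify(rec) if isinstance(rec, dict) else None
        if verdict:
            findings.append((rec.get("src"), verdict))
    return findings

def _rec(src, path, cookie, status, ctype):
    return json.dumps({"src": src, "method": "GET", "path": path,
                       "cookie": cookie, "status": status, "content_type": ctype})

CFG = "/" + ENDPOINT
SAMPLE = [  # constructed records in a hypothetical schema, documentation-range IPs
    _rec("198.51.100.7", CFG, "admin:demo=1", 200, "application/octet-stream"),
    _rec("198.51.100.9", CFG + "?t=1", "lang=pt; admin:demo=1", 302, "text/html"),
    _rec("192.0.2.10", CFG, "session=abc", 200, "application/octet-stream"),
    _rec("192.0.2.10", "/index.asp", "admin:demo=1", 200, "text/html"),
    "truncated {not json",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A "config_served" finding means the configuration file left the device and the credentials it contains should be treated as exposed; an "attempt" finding shows probing that was not answered with the file.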

Exploitation of this vulnerability can lead to unauthorized access to the device's configuration, allowing an attacker to alter settings, access sensitive data, or use the device as a pivot for further attacks. Unauthorized configuration changes could degrade the performance or availability of network services. Additionally, if sensitive information is extracted, it could be used in subsequent attacks beyond the affected device. Furthermore, such unauthorized control can facilitate interception of network traffic or man-in-the-middle attacks, compromising the security of communications.
