CVE-2017-14942 Scanner
CVE-2017-14942 Scanner - Authentication Bypass vulnerability in Intelbras WRN 150
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 6 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
The Intelbras WRN 150 is a wireless router device commonly used in home and small office networks to provide internet connectivity and network management. It is designed to offer reliable routing functions and security features for users to manage their network traffic and device access. The router's firmware controls authentication mechanisms to prevent unauthorized access to sensitive configurations. Users and network administrators rely on this device to safeguard network settings and maintain secure operation. Firmware updates are periodically released to address security vulnerabilities and enhance functionality. The device is popular in certain regional markets due to its affordability and ease of use.
This vulnerability concerns an authentication bypass issue within the Intelbras WRN 150 router, where manipulation of the admin:language cookie allows unauthorized access. Attackers can exploit this flaw to bypass the normal login authentication process without credentials. By crafting HTTP requests with a modified cookie value, an attacker can retrieve the router’s configuration file directly. This file contains sensitive information such as wireless settings and administrative passwords, which can lead to complete compromise of the device. The vulnerability is critical as it exposes the device to unauthorized control and data leakage.
Technically, the vulnerability is triggered by sending a GET request to the /cgi-bin/DownloadCfg/RouterCfm.cfg endpoint with a manipulated cookie header (admin:language=pt). The server fails to properly validate authentication and permits download of the configuration file if this cookie is present. The response includes a content type indicating configuration data and body content revealing wireless parameters and password hashes. The absence of proper session validation or authorization checks allows this bypass. This flaw is inherent in the router’s firmware handling of cookie-based authentication.
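A detection sketch for the request pattern described above, as an added example that is not part of the original page or of the scanner itself: it reads HTTP transactions recorded by a proxy or sensor in front of the router's management interface and flags GET requests for the configuration file that carry the admin:language cookie. The JSON-lines schema, field names and sample records are constructed assumptions.

```python
import json
import posixpath
import re
from urllib.parse import unquote

CFG_PATH = "/cgi-bin/DownloadCfg/RouterCfm.cfg"  # endpoint named above
BYPASS_COOKIE = "admin:language"                 # cookie name named above

# Constructed sample log (assumed JSON-lines schema; addresses are documentation ranges).
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "GET", "target": "/cgi-bin/DownloadCfg/RouterCfm.cfg", "cookie": "admin:language=pt", "status": 200, "bytes": 7423}
{"src": "198.51.100.7", "method": "GET", "target": "/cgi-bin//DownloadCfg/./RouterCfm%2Ecfg?t=1", "cookie": "x=1; admin:language=en", "status": 200, "bytes": 7423}
{"src": "192.0.2.10", "method": "GET", "target": "/login", "cookie": "admin:language=pt", "status": 200, "bytes": 512}
{"src": "192.0.2.10", "method": "GET", "target": "/cgi-bin/DownloadCfg/RouterCfm.cfg", "cookie": "", "status": 302, "bytes": 0}
{"src": "203.0.113.5", "method": "GET", "target": "/cgi-bin/DownloadCfg/RouterCfm.cfg", "cookie": "admin:language=pt", "status": 403, "bytes": 0}
"""

def cookie_names(header):
    """Names in a raw Cookie header; split by hand so the ':' in the name survives."""
    return {p.partition("=")[0].strip() for p in header.split(";") if p.strip()}

def normalise(target):
    """Drop the query string, decode %xx and collapse '//' and '/./' before matching."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def classify(event):
    """Return 'config-disclosed', 'blocked-attempt' or None for one transaction."""
    if event["method"] != "GET" or normalise(event["target"]) != CFG_PATH:
        return None
    if BYPASS_COOKIE not in cookie_names(event.get("cookie", "")):
        return None
    # A 200 with a body means the device served the file to this request.
    served = event["status"] == 200 and event.get("bytes", 0) > 0
    return "config-disclosed" if served else "blocked-attempt"

def scan(log_text):
    """Return (source, verdict) for every transaction matching the bypass pattern."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        event = json.loads(line)
        verdict = classify(event)
        if verdict:
            hits.append((event["src"], verdict))
    return hits

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(src, verdict)
```

A "config-disclosed" hit means the stored passwords and wireless keys should be treated as exposed and rotated after the firmware is updated.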
Exploitation of this vulnerability allows attackers to gain full configuration access to the router without authentication. They can extract sensitive credentials, wireless keys, and other private settings. This leads to potential network takeover, interception of network traffic, and further attacks on connected devices. Unauthorized control of the router can also enable malicious modifications to DNS settings, firewall rules, and create persistent backdoors. The critical nature of this issue requires immediate firmware updates to mitigate risks.