Unpatched Wi-Fi Extender Opens Home Networks to Remote Control
2020-06-29 16:48

Two of the bugs could allow complete remote control of the device.

"A compromised device can become part of an internet of things botnet that launches distributed denial-of-service attacks, used to pivot to other connected devices, leveraged to mine for cryptocurrency or used in various other unauthorized ways," explained researchers at IBM X-Force, in a posting last week.

The second vulnerability is found in the "Wireless" section in the web-UI: By adding a device to the Wireless Access Control list with a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

"In our demo we were able to get a reverse shell on the vulnerable device just by having someone with access to the device's network visit our website," said the researchers.

The third vulnerability, which rates 7.5 out of 10 on the severity scale, resides in a process named "homeplugd," which is related to the extender device's powerline functionality.


News URL

https://threatpost.com/unpatched-wi-fi-extender-remote-control/156990/