HomeMalware & ThreatsGL.iNet AR300M version 4.3.7 Allows Arbitrary File Writing

GL.iNet AR300M version 4.3.7 Allows Arbitrary File Writing

Published on

spot_img

A recent vulnerability has been discovered in GL.iNet routers that could potentially allow attackers to write arbitrary files on the device. The exploit, identified as CVE-2023-46455, affects GL.iNet routers running version 4.3.7 of the firmware.

The exploit, discovered by security researcher Michele ‘cyberaz0r’ Di Bonaventura, leverages a flaw in the GL.iNet Admin Panel, accessible through a Google search with the query “intitle:GL.iNet Admin Panel.” By exploiting this vulnerability, attackers can upload a crafted shadow file to the device, allowing them to modify system files, including the root user password.

To carry out the exploit, attackers need to provide a new password for the root user, which is then encrypted using the MD5 hashing algorithm. This salted password is used to craft a new shadow file, which includes entries for various system users, including root, daemon, ftp, network, and others.

Once the shadow file is crafted, the exploit script replaces the original shadow file on the GL.iNet router with the crafted one. By uploading the new shadow file to the ‘/etc/shadow’ directory on the device, attackers can effectively change the root user password and potentially gain full control of the router.

The impact of this vulnerability is significant, as compromising the root user account on a router can lead to unauthorized access, data theft, or even network-wide attacks. It is crucial for GL.iNet router owners to update their firmware to a patched version as soon as possible to prevent exploitation of this vulnerability.

The vendor, GL.iNet, has been notified of the vulnerability, and users are advised to follow any security advisories or updates provided by the company. In the meantime, users can take additional precautions by ensuring that remote management features are disabled, using strong passwords, and monitoring network activity for any suspicious behavior.

Security researchers are continuing to analyze the exploit and its potential impact on GL.iNet routers. In the meantime, it is essential for users to stay vigilant and take steps to secure their devices against potential attacks.

Source link

Latest articles

Schadsoftware RedLine und META lahmgelegt

In a recent international operation against cybercrime, authorities from various countries have successfully dismantled...

Best Practices for Cloud Environments to Combat Cyber Attacks by IAM

Organisations across the globe are continually looking for new ways to incorporate artificial intelligence...

Explore Son Doong Cave in 360° Flight

The magnificent Son Doong Cave in Vietnam continues to captivate visitors with its breathtaking...

CrossBarking Attack Exposes Opera Browser Users through APIs

Security researchers have recently brought to light a new browser attack that exploits "private"...

More like this

Schadsoftware RedLine und META lahmgelegt

In a recent international operation against cybercrime, authorities from various countries have successfully dismantled...

Best Practices for Cloud Environments to Combat Cyber Attacks by IAM

Organisations across the globe are continually looking for new ways to incorporate artificial intelligence...

Explore Son Doong Cave in 360° Flight

The magnificent Son Doong Cave in Vietnam continues to captivate visitors with its breathtaking...
en_USEnglish