A recent vulnerability has been discovered in GL.iNet routers that could potentially allow attackers to write arbitrary files on the device. The exploit, identified as CVE-2023-46455, affects GL.iNet routers running version 4.3.7 of the firmware.
The exploit, discovered by security researcher Michele ‘cyberaz0r’ Di Bonaventura, leverages a flaw in the GL.iNet Admin Panel, accessible through a Google search with the query “intitle:GL.iNet Admin Panel.” By exploiting this vulnerability, attackers can upload a crafted shadow file to the device, allowing them to modify system files, including the root user password.
To carry out the exploit, attackers need to provide a new password for the root user, which is then encrypted using the MD5 hashing algorithm. This salted password is used to craft a new shadow file, which includes entries for various system users, including root, daemon, ftp, network, and others.
Once the shadow file is crafted, the exploit script replaces the original shadow file on the GL.iNet router with the crafted one. By uploading the new shadow file to the ‘/etc/shadow’ directory on the device, attackers can effectively change the root user password and potentially gain full control of the router.
The impact of this vulnerability is significant, as compromising the root user account on a router can lead to unauthorized access, data theft, or even network-wide attacks. It is crucial for GL.iNet router owners to update their firmware to a patched version as soon as possible to prevent exploitation of this vulnerability.
The vendor, GL.iNet, has been notified of the vulnerability, and users are advised to follow any security advisories or updates provided by the company. In the meantime, users can take additional precautions by ensuring that remote management features are disabled, using strong passwords, and monitoring network activity for any suspicious behavior.
Security researchers are continuing to analyze the exploit and its potential impact on GL.iNet routers. In the meantime, it is essential for users to stay vigilant and take steps to secure their devices against potential attacks.