HomeMalware & ThreatsGL.iNet AR300M version 4.3.7 Allows Arbitrary File Writing

GL.iNet AR300M version 4.3.7 Allows Arbitrary File Writing

Published on

spot_img

A recent vulnerability has been discovered in GL.iNet routers that could potentially allow attackers to write arbitrary files on the device. The exploit, identified as CVE-2023-46455, affects GL.iNet routers running version 4.3.7 of the firmware.

The exploit, discovered by security researcher Michele ‘cyberaz0r’ Di Bonaventura, leverages a flaw in the GL.iNet Admin Panel, accessible through a Google search with the query “intitle:GL.iNet Admin Panel.” By exploiting this vulnerability, attackers can upload a crafted shadow file to the device, allowing them to modify system files, including the root user password.

To carry out the exploit, attackers need to provide a new password for the root user, which is then encrypted using the MD5 hashing algorithm. This salted password is used to craft a new shadow file, which includes entries for various system users, including root, daemon, ftp, network, and others.

Once the shadow file is crafted, the exploit script replaces the original shadow file on the GL.iNet router with the crafted one. By uploading the new shadow file to the ‘/etc/shadow’ directory on the device, attackers can effectively change the root user password and potentially gain full control of the router.

The impact of this vulnerability is significant, as compromising the root user account on a router can lead to unauthorized access, data theft, or even network-wide attacks. It is crucial for GL.iNet router owners to update their firmware to a patched version as soon as possible to prevent exploitation of this vulnerability.

The vendor, GL.iNet, has been notified of the vulnerability, and users are advised to follow any security advisories or updates provided by the company. In the meantime, users can take additional precautions by ensuring that remote management features are disabled, using strong passwords, and monitoring network activity for any suspicious behavior.

Security researchers are continuing to analyze the exploit and its potential impact on GL.iNet routers. In the meantime, it is essential for users to stay vigilant and take steps to secure their devices against potential attacks.

Source link

Latest articles

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...

Reducing Threats from the IABs Market

As ransomware attacks continue to escalate in frequency and severity, one of the key...

More like this

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...
en_USEnglish