CVE-2017-13717 in Station
Summary
by MITRE
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/03/2023
The vulnerability identified as CVE-2017-13717 affects Starry Station routers, which are marketed as Starry Router devices. This security flaw represents a critical misconfiguration in the web server implementation that fundamentally undermines the device's security posture. The vulnerability stems from the improper setting of the Access-Control-Allow-Origin header to an asterisk wildcard character, which creates an insecure cross-origin resource sharing (CORS) policy that grants unrestricted access to the device's web interface from any domain.
The technical flaw manifests through the improper handling of CORS headers within the web server configuration of these routers. When the Access-Control-Allow-Origin header is set to "*", the device effectively disables the browser's same-origin policy enforcement mechanism that normally prevents unauthorized cross-domain requests. This misconfiguration creates a pathway for malicious actors to exploit the device's web interface through malicious web pages hosted on external domains. The vulnerability maps directly to CWE-693, which describes protection mechanism failures in web applications, specifically concerning insecure cross-origin resource sharing implementations.
The operational impact of this vulnerability is severe and multifaceted, as it provides attackers with complete unauthorized access to the router's administrative interface. The exploitation process involves hosting a malicious webpage that makes cross-origin requests to the vulnerable router, allowing for credential brute-forcing attempts and information extraction. Given that Wi-Fi credentials are stored in plaintext format on the device, attackers can easily retrieve these sensitive network authentication details without requiring any specialized tools or techniques. This provides attackers with immediate access to the wireless network, enabling further attacks such as man-in-the-middle attacks, network reconnaissance, and potential lateral movement within the compromised network environment.
The security implications extend beyond simple credential theft, as this vulnerability creates an attack surface that allows for persistent unauthorized access to the device. The plaintext storage of Wi-Fi credentials represents another critical flaw that compounds the severity of the CORS vulnerability. Attackers can leverage this access to modify router configurations, redirect traffic, or establish persistent backdoors. This vulnerability aligns with several ATT&CK tactics including credential access through web application exploitation and privilege escalation via unauthorized administrative access. The combination of insecure CORS implementation and plaintext credential storage creates a particularly dangerous scenario where minimal technical expertise is required to achieve complete device compromise.
Mitigation strategies for this vulnerability require immediate implementation of proper CORS header configuration where the Access-Control-Allow-Origin header is restricted to specific, trusted domains rather than allowing wildcard access. Network administrators should implement additional security measures including disabling unnecessary web interfaces, implementing strong authentication mechanisms, and ensuring that all sensitive data is encrypted both at rest and in transit. The device should be updated to a version that properly implements CORS policies and removes the wildcard configuration. Regular security audits of network devices should include verification of CORS header configurations to prevent similar issues from occurring in other network infrastructure components. This vulnerability underscores the critical importance of proper security configuration management and the implementation of defense-in-depth strategies to protect network infrastructure devices from unauthorized access.