CVE-2020-35757 in LS9
Summary
by MITRE • 05/04/2021
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/07/2021
This vulnerability exists within Libre Wireless LS9 LS1.5/p7040 devices where an unauthenticated attacker can gain root access through Android Debug Bridge (ADB) over TCP connections. The issue stems from the web management interface providing functionality to enable ADB over TCP without requiring authentication, allowing any user with access to the web interface to execute malicious requests that enable root-level ADB access. This represents a critical security flaw that directly violates the principle of least privilege and authentication requirements. The vulnerability is categorized under CWE-284 Access Control Bypass, where improper access control mechanisms allow unauthorized users to perform privileged operations. From an operational perspective, this creates a significant risk as the device is designed for wireless communication infrastructure where physical access or network exposure could lead to complete system compromise. The attack vector involves sending crafted requests to specific web interface endpoints that control ADB functionality, making this a remote code execution vulnerability that can be exploited without prior authentication credentials. This flaw directly maps to ATT&CK technique T1059 Command and Scripting Interpreter where adversaries can execute commands on compromised systems.
The technical implementation of this vulnerability demonstrates a dangerous configuration management flaw where administrative functions are exposed without proper authentication checks. The web interface endpoint responsible for enabling ADB over TCP lacks any form of authentication verification, authorization checks, or session management controls. This oversight allows any attacker who can reach the web interface to send requests that modify device configuration settings, specifically enabling root-level debugging access. The vulnerability is particularly concerning because ADB over TCP provides direct command execution capabilities with root privileges, effectively giving attackers complete control over the device's operating system and all running processes. The fact that this functionality is not enabled by default but can be activated through unauthenticated requests indicates poor security design where administrative functions are not properly protected from unauthorized access attempts.
The operational impact of this vulnerability extends beyond simple privilege escalation to encompass complete system compromise and potential network infiltration. Once an attacker gains root access through ADB over TCP, they can modify system files, install malicious software, monitor network traffic, and potentially use the device as a pivot point for attacking other systems within the network. This vulnerability particularly affects wireless infrastructure devices that may be deployed in sensitive environments where unauthorized access could lead to data breaches, service disruption, or even physical security compromise. The implications are severe as these devices often operate in environments where they are not frequently updated or monitored, making them attractive targets for persistent attackers. The vulnerability also demonstrates a lack of defense in depth principles where multiple security controls should be in place to prevent unauthorized access to critical system functions.
Mitigation strategies for this vulnerability should include immediate implementation of access controls to prevent unauthorized access to the web management interface, proper authentication mechanisms for all administrative functions, and network segmentation to limit exposure. Device administrators should disable ADB over TCP functionality when not actively needed and implement strong network access controls to restrict access to management interfaces. Regular security audits and vulnerability assessments should be conducted to identify similar configuration flaws across the device management infrastructure. Network monitoring should be implemented to detect unusual ADB connections or unauthorized access attempts. Device firmware updates should be applied promptly when available, and organizations should consider implementing additional security measures such as encrypted communications, multi-factor authentication for administrative access, and regular security configuration reviews to prevent similar vulnerabilities from being introduced in future deployments. The vulnerability also highlights the need for secure configuration management practices and the importance of following security guidelines for network infrastructure devices.