| Title | UNIWAY ROUTERS Router Firmware V2.0 BROKEN AUTHENTICATION |
|---|
| Description | Hi team, Hope you all are doing well.
While testing the uniway router for vulnerabilities, I came to know that it has a serious broken authentication flaw that can allow an attacker who is connected with the router's network to reboot the device without any authentication.
The attacker just need to use the curl command below:
curl -d mode_name=device_reset http://<router_ip>/boaform/device_reset.cgi
This behavior can have a lot of security impacts like:
Unauthorized Reboots: The ability for an attacker to reboot the router without authentication can lead to frequent disruptions in the network's availability. Repeated reboots can deny legitimate users access to network services, causing downtime and potential financial losses for businesses relying on the network.
Denial of Service (DoS) Attacks: An attacker could exploit this flaw to conduct deliberate and repeated reboots, effectively launching a Denial of Service attack. This attack can disrupt internet connectivity and hinder the normal functioning of devices connected to the router.
Compromise of Network Integrity: Unauthenticated reboots can also serve as a means for an attacker to cover their tracks or conduct other malicious activities. By rebooting the router, they might attempt to erase logs or manipulate settings to further compromise the network's security.
Access to Sensitive Information: If an attacker gains access to the router's network, the ability to reboot it without authentication might be a precursor to deeper intrusions. They could use this as a stepping stone to access sensitive information, compromise other devices on the network, or even perform further attacks.
Inability to Apply Security Patches: If an attacker repeatedly reboots the router, it might prevent legitimate users from applying necessary security patches and updates. This leaves the network vulnerable to known vulnerabilities, increasing the risk of exploitation by attackers.
Please let me know if any further information is required. Thank you |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1XDZA4ibiYNcxTwq60vYCr03_6M_cvJ_2/view?usp=sharing |
|---|
| User | faiyazahmad (UID 60242) |
|---|
| Submission | 12/24/2023 18:27 (3 years ago) |
|---|
| Moderation | 01/05/2024 10:53 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249758 [Uniway Router up to 2.0 Device Reset device_reset.cgi denial of service] |
|---|
| Points | 20 |
|---|