| Title | UNIWAY ROUTERS Router Firmware V2.0 ACCOUNT TAKEOVER |
|---|
| Description | Dear Team,
I trust this message finds each of you well.
During my examination of the authentication process for Uniway routers, I've uncovered several noteworthy aspects:
1. The router does not employ a cookie-based mechanism for authentication.
2. Access to the router's panel is limited to one device at a time within the same network. Should another device attempt access, an error is triggered, prompting the logged-in machine to log out.
Further investigation revealed that the router's authentication is tied to the private IP address of the machine. Essentially, once a machine logs into the router's panel, the associated IP address is stored. Subsequent login attempts from other devices result in an error due to this stored IP address.
This setup presents a vulnerability an attacker could exploit by manipulating their private IP address to match that of the logged-in machine. Such an exploit would grant unauthorized access to the router's functionalities, allowing for actions such as (but not limited to):
- Modifying router details
- Adding or altering user credentials
- Potentially downgrading encryption algorithms
Moreover, the Proof of Concept (PoC) demonstrates how an attacker could gain access to unauthorized network information by mimicking the private IP address of a logged-in machine.
Should you require any additional information or have inquiries, please feel free to reach out.
Thank you for your attention to this matter.
Best Regards, |
|---|
| Source | ⚠️ https://drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing |
|---|
| User | faiyazahmad (UID 60242) |
|---|
| Submission | 12/27/2023 08:34 (2 years ago) |
|---|
| Moderation | 01/05/2024 11:50 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249766 [Uniway Router 2.0 Administrative Web Interface ip address for authentication] |
|---|
| Points | 20 |
|---|