The vulnerabilities reported by ACE Team – Loginsoft include reflected Cross-Site Scripting (XSS) attacks, buffer overflows to means of obtaining admin credentials, bypassing authentication altogether, and executing arbitrary code.
Any attacker with access to the router administration page can carry out the said attacks even if they do not know the admin credentials.
The vulnerabilities disclosed and patched this week are:
| Identifiers | Vulnerability Type | Description |
CVE-2020-15892
aka Loginsoft-2020-1006 | Stack-based Buffer Overflow | A classic stack-based buffer overflow in the `ssi` binary, leading to arbitrary command execution. |
| CVE-2020-15893 | Command Injection | Command injection vulnerability in the UPnP via a crafted M-SEARCH packet |
| CVE-2020-15894 | Sensitive Information Exposure | Exposed administration function allows unauthorized access to sensitive information. |
CVE-2020-15895
aka Loginsoft-2020-1008 | Cross-Site Scripting (XSS) | Reflected XSS vulnerability on the device configuration webpage due to an unescaped value |
CVE-2020-15896
aka Loginsoft-2020-1007 | Sensitive Information Exposure / Authentication Bypass Backdoor | Exposed administration function allows unauthorized access to sensitive information. |
research.loginsoft.com
