The two major vulnerabilities were found in the series of the flexlan, a LAN device providing internet services in airlines.
The Necrum security labs’ researchers Samy Younsi and Thomas Knudsen, initiated the research which led to tracking two critical vulnerabilities which were identified as CVE-2022-36158 and CVE-2022-36159.
The vulnerabilities were detected in the Flexlan series named FXA3000 and FXA2000 and have been associated with a Japan-based firm known as Contec.
The researchers said while considering the first vulnerability, that during the execution of reverse engineering on firmware, we found a hidden web page, which was not entailed in the list of wireless LAN manager interfaces. They also added that it simplifies the enforcement of the Linux command over the device with root privileges.
The researchers mentioned that the first vulnerability gave access to all the system files along with the telnet port which allows to access the whole device.
Regarding the second vulnerability, the researchers said, it makes use of hard-coded, weak cryptographic keys and backdoor accounts. While carrying out the research, the researchers were also able to recover and get access to a shadow file within a few minutes with the help of a brute-force attack. The file contained the hash of two users including root and users.
The researchers explained the issue that the device owner is only able to change the password from the interface of the web admin as the root account is reserved for maintenance purposes by Contec. This allows the attacker with a root hard-coded password able to access all Flexlan FXA2000 and FXA3000 series effortlessly.
With respect to the solutions, researchers emphasized the importance of mentioned to maintaining cyber security, with regard to the first Vulnerability. They said, “the hidden engineering web pages should be removed from all unfortified devices. As weak passwords make access easier for cyber attackers.”
For the second vulnerability, the advisory commented, “the company should create new strong passwords, for every single device with the manufacturing process.”
Read the full article here