Inet network scanner torrent11/23/2023 ![]() ![]() This vulnerability stems from improper validation of input passed through the ping ( ping_addr) and traceroute ( trace_addr) parameters. This vulnerability exists within the local web interface and remote cloud interface. The MT300N-V2 portable router is affected by an OS Command Injection vulnerability that allows authenticated attackers to run arbitrary commands on the affected system as the application's user. Password policy bypass leading to single character passwords Account takeover via weak password requirements & lack of rate limitingĦ. Account takeover via stored cross-site scripting (CVE-2022-42054)ĥ. PII data leakage via user enumeration leading to account takeoverĤ. Arbitrary file read on router via cloud gateway (CVE-2022-42055)ģ. OS command injection on router & cloud gateway (CVE-2022-31898)Ģ. There will always be vulnerabilities in all products that take risks on creativity, innovation, and change - the essence of pioneering.Ī total of 6 vulnerabilities were identified in GL.iNet routers and IoT cloud gateway peripheral web applications: 1. Development and security are intertwined in a never ending cycle. Having vulnerabilities reported should never be seen as a defeat or failure. In other words, think twice before poking at their infrastructure and being a nuisance. GL.iNet does not have a BBP or VDP program, I asked, and was given permission to perform the tests I did. Lastly, the GL.iNet also shipped me their ( GL-AX1800 / Flint) for additional testing. As a result, I was given safe passage and continued to act in good faith. We ultimately agreed to public disclosure & the release of this blog in exchange for continued testing. After reporting the initial command injection vulnerability GL.iNET asked if I were interested in monetary compensation to find additional bugs. In terms of overall timeline/transparency, I started testing on-and-off between May 2nd 2022 to June 15th 2022. So I'd like to give some quick praise for being an awesome vendor that kept me in the loop throughout the patching/disclosure process. They genuinely care about the security posture of their products. The GL.iNET team was really awesome to work & communicate with. I like to give credit where credit is due. The second mainly consists of an attempted hardware teardown. The first half contains software vulnerabilities, this includes the local web application and the remote cloud peripherals. This blog will be separated into two sections. The goodcloud remote cloud management gateway was Version 12.00. They offer a wide variety of products, and the company’s official website is The GL-MT300N-V2 firmware version I dove into was V3.212 released on April 29th, 2022 for the Mango model. GL.iNET is a leading developer of OpenWrt Wi-Fi and IoT network solutions and to my knowledge is a Chinese company based out in Hong Kong & USA. Among them was this mini portable router by GL.iNET. In early May of 2022, I went on an Amazon/AliExpress shopping spree and purchased ~15 cheap IoT devices. I've really enjoyed reversing cheap/weird IoT devices in my free time. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |