ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They’re commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you’ve ever used WiFi in a hotel, you’re familiar with these types of devices as they are typically tied to a specific room number for billing purposes.
CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device. Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.
An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch DarkHotel-esque attacks against guests on the affected hotel’s WiFi. Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems.