Inteno Routers given out by ISPs allow full administrative access

Several Inteno routers do not validate the Auto Configuration Server (ACS) certificate (CWE-295). An attacker in a privileged network position can man-in-the-middle the connection between the device and the ACS. If the ACS has been preconfigured by the ISP (this is usually the case), no user action is required for exploitation.
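
The flaw class described above (CWE-295), as an added example that is not Inteno's code or the advisory's: a Python sketch contrasting a TLS client context that accepts any ACS certificate with one that validates it, plus a small audit helper. The function names and the ACS URLs are hypothetical.

```python
import ssl
from urllib.parse import urlsplit


def insecure_acs_context():
    """Flawed pattern: TLS is negotiated, but any server certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # chain is never checked
    return ctx


def hardened_acs_context(cafile=None):
    """Validating client: chain must verify and the name must match the ACS host.

    cafile is an optional PEM bundle holding only the ISP's CA (assumption:
    the ISP ships one); without it the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_acs_client(acs_url, ctx):
    """Return a list of findings for an ACS URL and the TLS context used for it."""
    findings = []
    if urlsplit(acs_url).scheme.lower() != "https":
        findings.append("ACS URL is not https: management session is unprotected")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified (CWE-295)")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the ACS host")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    url = "https://acs.isp.example/cwmp"
    for name, ctx in (("insecure", insecure_acs_context()),
                      ("hardened", hardened_acs_context())):
        print(name, audit_acs_client(url, ctx) or "no findings")
```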

Impact
------

An attacker who can intercept the network traffic between the affected
device (CPE) and the Auto Configuration Server (ACS) gains full
administrative access to the device. The attacker can perform arbitrary
administrative operations on the device, such as flashing the device
firmware.

Inteno refuses to fix the problem.

advisory here

Robin Edgar
