Netwave WIP Devices Vulnerability Analysis: Auth Bypass, RCE, Arbitrary File Download

Critical Vulnerability Information 1. Vulnerability Overview Description: Multiple vulnerabilities affect Netwave WIP devices, primarily impacting the WIP8-100B and WIP8-200B models. Impact Scope: Risks include unauthorized access to the web interface, execution of arbitrary code (with root privileges), and leakage of sensitive information. 2. Vulnerability Details Hardcoded Password Bypass: - The login form contains a hardcoded "password_backdoor" field, allowing anyone to access the network interface even without knowing the admin password. - This issue does not exist in WIP8-200B devices. Web Interface Privilege Escalation: - When changing the admin password, the request includes , leading to privilege escalation. - Attackers can exploit this vulnerability to log in as admin and escalate privileges. Authentication Bypass: - The script handles various user requests, such as updating device preferences or changing passwords. - Attackers can bypass authentication by tampering with the session ID in the request. Command Injection: - The script is vulnerable to command injection attacks; inputting specific strings allows execution of arbitrary commands. - Example: Arbitrary File Download: - The script allows downloading any file from the device, including encrypted configuration files. - Attackers can download and decrypt these files to obtain sensitive information. Maintenance Mode Interface Exposure: - Accessing a specific URL enables "simulation mode" or "debug mode", exposing the Telnet port. - Attackers can exploit this feature to gain a root shell. 3. Timeline 2017-02-17: Initial contact with the vendor. 2017-03-23: Vendor confirms and fixes some vulnerabilities. 2017-04-09: Firmware version 2.2.2.8 released, fixing all known vulnerabilities. 2017-04-28: Public disclosure of the security advisory.

Goal Reached Thanks to every supporter — we hit 100%!

Netwave WIP Devices Vulnerability Analysis: Auth Bypass, RCE, Arbitrary File Download