Expert found multiple critical issues in MoFi routers

Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device.

The researchers Rich Mirch from CRITICALSTART discovered ten vulnerabilities MOFI4500 MoFi Network routers. The expert reported the issues to the vendor in May but some of the flaws have yet to be patched.

Most of the flaws affect the web management interface, some of the vulnerabilities can be exploited by an unauthenticated, remote attacker with access to the web interface to take over the targeted router.

Some of the issues are related to the presence of hardcoded credentials or the use of weak credentials. Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router.

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” reads the advisory published by the expert. “Technical details are not included at this time because the vendor has not released a patch and disclosing this would provide enough details for the unpatched CVE-2020-15836 Unauthenticated Command Injection.”

The researcher also discovered another undocumented backdoor that resides in the poof.cgi script which can be exploited by an attacker with the private key to reboot the device. An adversary with the private key can remotely reboot the device without having to know the root password.

The vendor has addressed multiple critical vulnerabilities, but in some cases, the proposed fixes introduced other security issues.

“Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. The initial vulnerabilities were reported to the vendor and patches were made available however new critical vulnerabilities were subsequently introduced as a result.” continues the report. “Several firmware versions have been released, but some of the vulnerabilities have not been fully patched.”

The vendor has released roughly 10 firmware updates since the vulnerabilities have been reported.

On June 25, Mirch found 14,382 MoFi routers that were exposing their management interface online using the Shodan search engine.

At the time of writing, the number of exposed devices dropped to roughly 6,610.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, MoFi routers)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.