Categories: Hacking

ADB Pirelli Home routers in Spain and Argentina affected by critical flaws

The Spanish security researcher Eduardo Novella has disclosed details of two critical vulnerabilities affecting a specific ADB Pirelli home wireless router.

The security researcher at Dutch security audit firm Fox-IT, Eduardo Novella, has discovered two critical vulnerabilities affecting a model of ADB Pirelli home wireless router.

Novella decided to publicly disclose the vulnerabilities because the device manufacturer and the companies that are distributing the router on the market have ignored his reports.

This specific router, ADB Pirelli ADSL2 data gateway PDG A4001N, is provided by Spanish broadband provider Movistar and Argentinian ISP Arnet to their customers.

Pirelli home router

Novella discovered the first vulnerability in the Pirelli router early 2013, and he ethically reported it to both Pirelli and Movistar.

The researcher explained that it is very easy to exploit the flaw as reported in the official advisory:

“These routers are vulnerable to fetch HTML code from any IP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information,” he said.

The vulnerability coded as CVE-2015-0554 is an information disclosure flaw that could be exploited by an attacker to completely control the router settings and allow remote monitoring on home networks.

The vulnerability is serious because the attackers can exploit it to compose a botnet to run illegal activities (i.e. run a DDoS attack against a specific target.

The researcher also published the PoC code that can be used to extract session keys, the Wi-Fi’s network password, reboot the device, etc.

Novella suggests to disable the remote connection for secure the Pirelli router, another option for the owner of the Pirelli routers is to update the device’s firmware or install a third-party one (i.e. OpenWRT or DDWRT).

The second vulnerability discovered by Novella, coded CVE-2015-0558, could be exploited by an attacker to reverse-engineer the Pirelli router’s firmware and extract the default key generation algorithm and, consequently, to determine the device’s default Wi-Fi encryption keys.

Pierluigi Paganini

(Security Affairs – ADB Pirelli, Hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.