The security researcher at Dutch security audit firm Fox-IT, Eduardo Novella, has discovered two critical vulnerabilities affecting a model of ADB Pirelli home wireless router.
Novella decided to publicly disclose the vulnerabilities because the device manufacturer and the companies that are distributing the router on the market have ignored his reports.
This specific router, ADB Pirelli ADSL2 data gateway PDG A4001N, is provided by Spanish broadband provider Movistar and Argentinian ISP Arnet to their customers.
Novella discovered the first vulnerability in the Pirelli router early 2013, and he ethically reported it to both Pirelli and Movistar.
The researcher explained that it is very easy to exploit the flaw as reported in the official advisory:
“These routers are vulnerable to fetch HTML code from any IP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information,” he said.
The vulnerability coded as CVE-2015-0554 is an information disclosure flaw that could be exploited by an attacker to completely control the router settings and allow remote monitoring on home networks.
The vulnerability is serious because the attackers can exploit it to compose a botnet to run illegal activities (i.e. run a DDoS attack against a specific target.
The researcher also published the PoC code that can be used to extract session keys, the Wi-Fi’s network password, reboot the device, etc.
Novella suggests to disable the remote connection for secure the Pirelli router, another option for the owner of the Pirelli routers is to update the device’s firmware or install a third-party one (i.e. OpenWRT or DDWRT).
The second vulnerability discovered by Novella, coded CVE-2015-0558, could be exploited by an attacker to reverse-engineer the Pirelli router’s firmware and extract the default key generation algorithm and, consequently, to determine the device’s default Wi-Fi encryption keys.
(Security Affairs – ADB Pirelli, Hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.