A German security researcher discovered how to retrieve the admin credentials from a TP-Link M5350 3G/Wi-Fi modem with an evil text message
Some bugs are very strange and dangerous, this is the case of a flaw affecting the TP-Link’s M5350 3G/Wi-Fi router that can expose admin credentials to an evil text message.
The bug was discovered by the security researcher Jan Hörsch from the German firm Securai, basically, it is a cross-site scripting (XSS) vulnerability that could be exploited by an attacker by simply sending an SMS containing the following attack script:
“Among other things, he showed that the mobile router from TP-Link M5350 is permanently vulnerable to cross-site scripting, which is triggered by SMS. If an attacker sends an SMS with the appropriate content, the router answers with the login data of the admin – including the password in the plaintext.” reported the Heise.de.
Hörsch conducted an intensive research on various Internet-of-Things devices discovering multiple vulnerabilities. He analyzed the firmware running on several smart objects and discovered multiple bugs easy to exploit, the results of the research were presented at the recent Kaspersky Security Analyst Summit.
The flaw in the TP-Link’s M5350 3G/Wi-Fi modem appears like a feature created by developers, likely for testing purposes, unfortunately, it wasn’t removed in production.
The device’s admin credentials can be retrieved by an attacker with a simple text message, the router replies with admin username, admin password, its SSID, and its login password.
It is unlikely that the bug has been fixed by TP-Link, giving a look at the firmware download page for the TP-Link M5350 it is possible to verify that the most-recent version for the flawed device is M5350_V2_140115, released in January 2015.
Hörsch also analyzed a Panasonic BM ET200 retina scanner and a Startech modem, both devices affected by flaws.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.