Researchers Uncover Command Injection Flaw in Wi-Fi Alliance’s Check Suite

Oct 25, 2024Ravie LakshmananVulnerability / Wi-Fi Safety

A safety flaw impacting the Wi-Fi Check Suite may allow unauthenticated native attackers to execute arbitrary code with elevated privileges.

The CERT Coordination Heart (CERT/CC) stated the vulnerability, tracked as CVE-2024-41992, stated the vulnerable code from the Wi-Fi Alliance has been discovered deployed on Arcadyan FMIMG51AX000J routers.

“This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers,” the CERT/CC stated in an advisory launched Wednesday.

Cybersecurity

Wi-Fi Check Suite is an built-in platform developed by the Wi-Fi Alliance that automates testing Wi-Fi parts or gadgets. Whereas open-source parts of the toolkit are publicly accessible, the complete package deal is obtainable solely to its members.

SSD Safe Disclosure, which launched particulars of the flaw again in August 2024, described it as a case of command injection that would allow a risk actor to execute instructions with root privileges. It was initially reported to the Wi-Fi Alliance in April 2024.

An impartial researcher, who goes by the web alias “fj016” has been credited with uncovering and reporting the safety shortcomings. The researcher has additionally made accessible a proof-of-concept (PoC) exploit for the flaw.

CERT/CC famous that the Wi-Fi Check Suite will not be supposed to be used in manufacturing environments, and but has been found in industrial router deployments.

“An attacker who successfully exploits this vulnerability can gain full administrative control over the affected device,” it stated.

“With this access, the attacker can modify system settings, disrupt critical network services, or reset the device entirely. These actions can result in service interruptions, compromise of network data, and potential loss of service for all users dependent on the affected network.”

Cybersecurity

Within the absence of a patch, distributors who’ve included the Wi-Fi Check Suite are really helpful to both take away it utterly from manufacturing gadgets or replace it to model 9.0 or later to mitigate the danger of exploitation.

The Hacker Information has reached out to the Wi-Fi Alliance for additional remark, and we’ll replace the story once we hear again.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.

Recent articles