
Cloud to Firmware Exploitation Revealed by Otorio’s Research

May 24, 2023

The cloud-to-firmware exploitation revealed by OTORIO's research is best read as a chain, the way so many security incidents are, and it shows once again that a security program is only as strong as its weakest link. Here the links are five vulnerabilities (CVE-2023-22597, CVE-2023-22598, CVE-2023-22599, CVE-2023-22600 and CVE-2023-22601) that OTORIO's security researchers found in InHand Networks' 'Device Manager' cloud platform and in the firmware of its InRouter devices. Each is significant on its own; combined, they form a larger and more intricate puzzle.

Cloud to Firmware Exploitation – First vulnerability

CVE-2023-22597 is a cleartext transmission of sensitive information. It sets the stage for the attack: an adversary positioned on the network path can intercept the communications between the InRouter and the cloud platform. A bit like leaving your house keys under the doormat; it is not a problem until someone unsavory discovers them.

Cloud to Firmware Exploitation – Second vulnerability

CVE-2023-22598 deepens the problem. It is an improper neutralization of special elements used in an OS command (command injection): attacker-supplied input reaches a shell without being sanitized, so a crafted value can carry a command of the attacker's choosing. It's like handing an unauthorized person a magic phrase that opens your locked doors.
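The following is an added example, not code from OTORIO's research or from InHand's firmware, that shows the vulnerability class named above (CWE-78) in its vulnerable and hardened forms. The diagnostic command, the `echo` stand-in for the real tool, and the attacker-controlled `INJECTED_HOST` value are all assumptions constructed for illustration; it assumes a POSIX `/bin/sh`.

```python
import ipaddress
import subprocess

# Constructed attacker-controlled value, as might arrive in a device-config
# field or a cloud-to-device management message: a second command smuggled
# in after ';'. (Assumption: the real input channel is not shown on the page.)
INJECTED_HOST = "8.8.8.8; echo INJECTED"


def diag_unsafe(host: str) -> str:
    """Vulnerable pattern (CWE-78): the untrusted value is spliced into a
    shell string and handed to /bin/sh, which treats ';' as a command
    separator. `echo` stands in for whatever diagnostic tool the firmware
    would really call (assumption)."""
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def diag_safe(host: str) -> str:
    """Hardened form: validate the value against the type it must be (an IP
    address) and invoke the program with an argv list, so no shell ever
    parses the input. Invalid values are rejected, not 'cleaned up'."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError as exc:
        raise ValueError(f"rejected host value {host!r}") from exc
    argv = ["echo", "resolving", str(addr)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def injection_succeeded(output: str) -> bool:
    """True when the smuggled command's marker appears as its own output line,
    i.e. the second command actually ran."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("unsafe:", repr(diag_unsafe(INJECTED_HOST)))   # marker line present
    print("safe:  ", repr(diag_safe("8.8.8.8")))         # single line, no shell
    try:
        diag_safe(INJECTED_HOST)
    except ValueError as err:
        print("safe rejected:", err)
```

The point of the hardened version is the combination: a positive check that the value is what the protocol says it should be, plus an argv list so the shell never sees it. Either half alone leaves gaps (a regex-based "sanitizer" on its own tends to miss `$(...)`, backticks, `|` and `&&`).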

Cloud to Firmware Exploitation – Third vulnerability

CVE-2023-22599 involves a predictable salt used for hashing. Because the salt can be guessed in advance, an attacker can precompute hashes offline rather than attack each captured hash from scratch. A bit like using your birthday as your PIN; it might seem secure until someone knows where to look.

Cloud to Firmware Exploitation – Fourth vulnerability

CVE-2023-22600 is an improper access control issue that lets unauthenticated devices subscribe to MQTT topics. It is akin to a confidential meeting with the door left open, where unverified attendees can listen in.

Cloud to Firmware Exploitation – Fifth vulnerability

CVE-2023-22601 involves the use of insufficiently random values. Imagine a lottery whose winning numbers are predictable; it quickly loses its fairness.
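The following is an added example, not code from OTORIO's research or from InHand's platform, that illustrates both the predictable-salt problem (third vulnerability) and why the fix depends on a sufficiently random value (fifth vulnerability). It assumes, for illustration only, that the salt is derived from the device serial number; the serial format, the wordlist and the PBKDF2 round count are constructed values.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed data: a small wordlist and a device whose serial the attacker
# already knows (assumption: serials are on the label and travel in the clear).
WORDLIST = ["admin", "password", "123456", "inrouter", "changeme"]
SERIAL = "RT3020000123"
PBKDF2_ROUNDS = 10_000  # kept low so the example runs quickly


def weak_hash(password: str, serial: str) -> str:
    """Predictable salt (assumed here to be the serial): anyone who knows the
    serial knows the salt before ever capturing a hash."""
    salt = serial.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()


def precompute_table(serial: str, wordlist) -> Dict[str, str]:
    """Offline precomputation, done BEFORE any hash is captured. Only possible
    because the salt is predictable; the cost is paid once per serial."""
    return {weak_hash(word, serial): word for word in wordlist}


def lookup(table: Dict[str, str], captured: str) -> Optional[str]:
    """Recovery at capture time is a single dictionary lookup, no hashing."""
    return table.get(captured)


def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Per-record salt from the OS CSPRNG (the 'sufficiently random value'),
    stored next to the digest as salt$digest. An attacker cannot build a
    table for a salt that does not exist until the record is created."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_strong(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    table = precompute_table(SERIAL, WORDLIST)      # attacker's prep work
    captured = weak_hash("inrouter", SERIAL)        # later intercepted hash
    print("recovered from weak hash:", lookup(table, captured))
    stored = strong_hash("inrouter")
    print("random-salt record verifies:", verify_strong("inrouter", stored))
    print("table hit on random-salt digest:", lookup(table, stored.split("$", 1)[1]))
```

Note that a random salt does not make a weak password strong; it only forces the attacker to start a fresh brute-force per record, after the record is captured. The salt must come from a CSPRNG such as `os.urandom`; a salt drawn from a seeded or time-based generator is predictable in the same way the serial is.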

Taken alone, each vulnerability presents a considerable risk; chained together, they pave a veritable highway for exploitation. OTORIO's researchers showed that exploiting them in sequence lets an attacker take control of any connected router, or single out a specific router by its serial number. It is a sobering reminder that in security the whole is often much worse than the sum of its parts.

Thanks to the OTORIO team for the responsible disclosure.

Learn more about the DeepSeas vulnerability management solution.