Cloud to Firmware Exploitation Revealed by Otorio’s Research
May 24, 2023
The cloud-to-firmware exploitation path revealed by OTORIO's research reads like a chain, as so many cyber security incidents do, and it shows again that a security program is only as strong as its weakest link. Here the links are a collection of vulnerabilities (CVE-2023-22597, CVE-2023-22598, CVE-2023-22599, CVE-2023-22600, CVE-2023-22601) that the security researchers at OTORIO discovered in InHand Networks' 'Device Manager' cloud platform and in the firmware of its InRouter devices. Each vulnerability is significant on its own, but combined they form a larger and more intricate puzzle.
Cloud to Firmware Exploitation – First vulnerability
CVE-2023-22597 is a cleartext transmission of sensitive information. It sets the stage for the attack, because it lets an adversary intercept communications between the InRouter and the cloud platform. A bit like leaving your house keys under the doormat: it is not a problem until someone unsavory finds them.
Cloud to Firmware Exploitation – Second vulnerability
CVE-2023-22598 deepens the problem. This vulnerability is an improper neutralization of special elements used in an OS command, better known as OS command injection. It is like giving an unauthorized person a magic phrase that opens your locked doors.
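To make "improper neutralization of special elements" concrete, here is an added illustration in Python; it is hypothetical management code written for this post, not InHand's firmware or the code OTORIO analysed. It assumes a management endpoint that pings a caller-supplied host: the weak builder interpolates untrusted input into a shell command string, while the hardened builder allow-lists the value and hands the program an argv list so no shell ever parses it.

```python
"""Added illustration of CWE-78 (OS command injection): a vulnerable command
builder beside its hardened form. Hypothetical code, not the InRouter firmware."""
import re
import subprocess

# Allow-list for the only value the endpoint should accept: a hostname made of
# letters, digits, dots and hyphens (assumed policy for this example).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")


def build_ping_vulnerable(host: str) -> str:
    """Interpolates untrusted input into a shell command string.

    Shell metacharacters inside `host` (';', '|', '`', '$(...)') are not
    neutralized, so a shell (os.system or subprocess with shell=True) would
    read the tail of the string as additional commands.
    """
    return f"ping -c 1 {host}"


def build_ping_hardened(host: str) -> list:
    """Validates the parameter against the allow-list and returns an argv list
    for a shell-free execution; anything outside the pattern is rejected."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def echo_argv(arg: str) -> str:
    """Shows the second half of the fix: without a shell, one argv element stays
    one literal argument even when it carries metacharacters. Uses `echo`
    instead of `ping` so the demonstration runs offline."""
    proc = subprocess.run(["echo", arg], capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    tainted = "example.com; echo injected"      # constructed sample input
    print(build_ping_vulnerable(tainted))        # one string, two commands for a shell
    print(echo_argv(tainted))                    # printed back literally, never executed
    try:
        build_ping_hardened(tainted)
    except ValueError as exc:
        print(exc)                               # the hardened path refuses it
```

The allow-list is the primary control and the argv list is defence in depth: even if validation were later loosened, the value still reaches the program as a single argument.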
Cloud to Firmware Exploitation – Third vulnerability
CVE-2023-22599 is a predictable salt used for hashing. A bit like using your birthday as your PIN; it seems secure until someone knows to look for it.
Cloud to Firmware Exploitation – Fourth vulnerability
CVE-2023-22600 is an improper access control that lets unauthenticated devices subscribe to MQTT topics. It is akin to a confidential meeting with the door left open, where unverified attendees can listen in.
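The control that closes that door is broker-side subscription authorization. The following is an added example, not code from the Device Manager platform or from OTORIO's research: a small Python model of a broker hook that decides whether a client may subscribe to a topic filter. The topic scheme (`devices/<device_id>/...`), the `Session` type and both policy functions are assumptions made for the illustration.

```python
"""Added illustration of per-device MQTT subscription authorization: the
permissive policy beside the strict one. Hypothetical broker hook and topic
scheme, not the Device Manager platform's code."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional


@dataclass(frozen=True)
class Session:
    """What the broker knows about a connecting client."""
    authenticated: bool
    device_id: Optional[str] = None  # set only after credentials were verified


def permissive_subscribe(session: Session, topic_filter: str) -> bool:
    """Weak setting: any client, authenticated or not, may subscribe to any
    filter, including wildcards that match every device's traffic."""
    return True


def strict_subscribe(session: Session, topic_filter: str) -> bool:
    """Fix: grant the subscription only when the client has authenticated and
    the filter stays inside the namespace of that client's own device id.

    Assumed scheme (constructed for this example): per-device topics live under
    devices/<device_id>/..., so a filter is acceptable only when it begins with
    that exact prefix. Filters that start with a wildcard ('devices/+/...',
    'devices/#', '#') never carry the prefix and are refused.
    """
    if not session.authenticated or not session.device_id:
        return False
    # A device id containing topic separators or wildcards could be used to
    # escape its own namespace; refuse such ids outright.
    if any(ch in session.device_id for ch in "/+#"):
        return False
    prefix = f"devices/{session.device_id}/"
    return topic_filter.startswith(prefix)


def evaluate(policy: Callable[[Session, str], bool],
             session: Session, filters: Iterable[str]) -> Dict[str, bool]:
    """Applies one policy to several filters; handy for comparing the two."""
    return {f: policy(session, f) for f in filters}


if __name__ == "__main__":
    anonymous = Session(authenticated=False)
    device = Session(authenticated=True, device_id="SN-CONSTRUCTED-1")  # constructed id
    probes = ["devices/+/commands", "devices/#",
              "devices/SN-CONSTRUCTED-1/commands", "devices/SN-CONSTRUCTED-2/commands"]
    print("permissive, anonymous:", evaluate(permissive_subscribe, anonymous, probes))
    print("strict, anonymous:    ", evaluate(strict_subscribe, anonymous, probes))
    print("strict, device:       ", evaluate(strict_subscribe, device, probes))
```

In a real deployment the same two rules map onto broker configuration: disabling anonymous connections and an ACL that ties each authenticated identity to its own topic prefix (in Mosquitto, `allow_anonymous false` plus an `acl_file` using `pattern` rules with `%u`).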
Cloud to Firmware Exploitation – Fifth vulnerability
CVE-2023-22601 is the use of insufficiently random values. Imagine a lottery where the winning numbers are predictable; it quickly loses its fairness.
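The third and fifth links are two faces of the same weakness, a value that should be unpredictable but is not, so one added example covers both. It is hypothetical device-side code written for this post, not InHand's firmware: a salt derived from a device serial number beside a salt from the operating system's CSPRNG, and a token from a seeded general-purpose PRNG beside one from the `secrets` module. The serial, the PBKDF2 round count and the token format are assumptions.

```python
"""Added illustration of a predictable salt (CWE-760) and insufficiently random
values (CWE-330), each beside its fixed form. Hypothetical code, not the
InRouter firmware."""
import hashlib
import os
import random
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor for the example


def predictable_salt(serial: str) -> bytes:
    """Weak: the salt is a pure function of the device serial number. A serial
    is printed on the label and travels in device traffic, so anyone who knows
    it can reproduce the salt and precompute hashes for candidate passwords."""
    return hashlib.sha256(serial.encode()).digest()[:16]


def random_salt() -> bytes:
    """Fixed: 16 bytes from the OS CSPRNG, generated per credential and stored
    next to the hash. Nothing about the device lets anyone reproduce it."""
    return os.urandom(16)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash; its strength depends entirely on the salt source."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def weak_token(seed: int) -> str:
    """Weak: a token from a seeded, non-cryptographic PRNG. Whoever learns or
    guesses the seed (a timestamp, a counter, a serial) regenerates the token."""
    rng = random.Random(seed)
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(16))


def strong_token() -> str:
    """Fixed: 128 bits from the CSPRNG, unrelated to any observable state."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    serial = "IR-CONSTRUCTED-000001"   # constructed sample serial
    same_pw = "admin"                  # constructed sample password
    print("serial-derived salt reproducible:",
          predictable_salt(serial) == predictable_salt(serial))
    print("CSPRNG salt reproducible:        ",
          random_salt() == random_salt())
    print("hash with serial salt stable:    ",
          hash_password(same_pw, predictable_salt(serial))
          == hash_password(same_pw, predictable_salt(serial)))
    print("seeded token reproducible:       ", weak_token(1684886400) == weak_token(1684886400))
    print("secrets token reproducible:      ", strong_token() == strong_token())
```

The check that matters in review is the source of the bytes, not the length: a 16-byte salt or a 32-hex-character token is no protection when the bytes are derived from something an observer can learn.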
Taken alone, each vulnerability presents a considerable risk, but combined, or "chained," they pave a veritable highway for exploitation. OTORIO's researchers showed that an attacker exploiting these vulnerabilities in sequence can gain control over any connected router, or target a specific router by its serial number. It is a sobering reminder that in cyber security the whole is often much worse than the sum of its parts.
Thanks to the Otorio team for a responsible disclosure.