The Tenda AC120 Router, specifically the model W15Ev2 V15.11..10(1576), has been found to contain a password exposure vulnerability. This vulnerability may be exploited by an attacker who has access to the router to gain sensitive information, potentially putting user data and network security at risk.

This post will discuss the details of this vulnerability, provide evidence through code snippets, and offer references to the original sources.

Vulnerability Details

The password exposure vulnerability is present due to improper authorization and session management implementations within the router's firmware. When performing actions like logging in to the router's administrative panel, the plain-text password is exposed as part of the HTTP POST request. An attacker with access to the network traffic could intercept and extract this password, potentially gaining complete control of the router and any connected devices.

Let's examine some methods to exploit this vulnerability

1. Sniff network traffic with Wireshark or another similar tool to locate an HTTP POST request that contains the plain-text password. The request will likely be directed towards the router's IP address, and the password string will be located in the "password" field of the request's data.

Example HTTP POST request

POST /goform/login_process HTTP/1.1
Host: 192.168..1
Content-Type: application/x-www-form-urlencoded
Content-Length: 45

username=admin&password=123456


Notice the exposed "password" field in the request.

2. Use a man-in-the-middle attack to intercept the HTTP traffic between the administrator and the router. Tools like ARP Spoofing and SSLStrip can be utilized to force unencrypted HTTP communication, which would make it easier to search for and extract the plain-text password.

3. Exploit other vulnerabilities in the router firmware to enable unauthorized access to the administrative panel, which would then allow an attacker to view or modify the router’s settings.

Original References

The vulnerability was originally discovered by researchers from VPNmentor. They have published a detailed article discussing their findings: Tenda AC120 W15Ev2 Password Exposure Vulnerability.

Additionally, the CVE corresponding to this vulnerability can be found on the official CVE website.

Mitigation

To prevent potential exploitation of this vulnerability, users are advised to take the following actions:

1. Check for firmware updates for your Tenda AC120 router, as Tenda may release patches to address this issue.

2. Use strong, unique passwords for your router's administrative panel and update them regularly to reduce the risk of unauthorized access.

Conclusion

The Tenda AC120 Router (W15Ev2) password exposure vulnerability poses a significant risk to its users' data and network security. By exploiting this vulnerability, an attacker with access to the router could potentially gain unauthorized access to sensitive information and connected devices. It is crucial for users to remain vigilant and take appropriate steps to mitigate the risk associated with this vulnerability.

Timeline

Published on: 11/15/2022 02:15:00 UTC
Last modified on: 01/27/2023 14:24:00 UTC