Published on: 05/03/2021 12:00:00 AM UTC
Last Modified on: 05/04/2021 10:21:00 AM UTC
The following vulnerability was found:
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
- CVE-2020-35755 has been assigned by [email protected] to track the vulnerability
|Advisory: Multiple Issues in Libre Wireless LS9 Modules - And the Problem with Third Party Products - IoT Inspector|| www.iot-inspector.com |