In wireless LAN equipment that is supposedly used to provide internet connectivity in flights, two serious aircraft wifi devices vulnerabilities were discovered.
The Flexlan Forex3000 and Forex2000 series wi-fi LAN equipment made by Contec was affected by the weaknesses discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs.
The security researchers, referring to the vulnerability tracked as CVE-2022-36158, wrote in an advisory. “Shortly after undertaking reverse engineering of the firmware, we found that a hidden page not listed in the Wireless LAN Manager interface makes it possible to execute Linux commands on the system with root privileges”.
“From here, we had access to all the system files. Also, the ability to open the telnet port and have full control over the machine.”
In the warning, Knudsen and Younsi also discussed another vulnerability (tagged as CVE-2022-36159). This involves the usage of backdoor accounts and weak hard-coded cryptographic keys.
Necrum Security Labs stated that “Throughout the course of our analysis, we also discovered that the /etcetera/shadow file. This file composes of the hash of two individuals (person and root). It took us a few minutes to improve by a brute-force assault.
The problem in this article, according to security experts, is that the system owner can only modify the password for the account user. The web administration interfaces because the root account is reserved for Contec (likely for upkeep uses).
Knudsen and Younsi commented, “an attacker with the root hard-coded password can access all FXA2000 series and FXA3000 series devices”.
Weak Passwords
The researchers suggested removing the hidden engineering webpage from the devices in manufacturing to address the first vulnerability because the default password is so vulnerable.
Experts say this weak default password makes it easy for attackers to inject a backdoor as a result of this URL.
Necrum Security Labs advised Contec to generate a unique password for each and every device throughout the manufacturing process.
These are hardly the first flaws in wi-fi devices that have been discovered in recent months. For instance, Quick7 recently identified vulnerabilities in two Baxter Healthcare TCP/IP-enabled medical devices, one of which was a WiFi Battery.