CVE-2020-35755 — HIGH (7.5)

Vulnerability Description

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Librewireless	Ls9 Firmware	7040
Librewireless	Ls9	-

Related Weaknesses (CWE)

CWE-306

References

https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ExploitThird Party Advisory
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ExploitThird Party Advisory

FAQ

What is CVE-2020-35755?

CVE-2020-35755 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-categ...

How severe is CVE-2020-35755?

CVE-2020-35755 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-35755?

Check the references section above for vendor advisories and patch information. Affected products include: Librewireless Ls9 Firmware, Librewireless Ls9.