CVE-2020-35756 — HIGH (7.5)

Vulnerability Description

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Librewireless	Ls9 Firmware	7040
Librewireless	Ls9	-

Related Weaknesses (CWE)

CWE-306

References

https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ExploitThird Party Advisory
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ExploitThird Party Advisory

FAQ

What is CVE-2020-35756?

CVE-2020-35756 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not requir...

How severe is CVE-2020-35756?

CVE-2020-35756 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-35756?

Check the references section above for vendor advisories and patch information. Affected products include: Librewireless Ls9 Firmware, Librewireless Ls9.