Data Continuity
Backup and recovery services are a necessity for todays modern networks. We can help to determine where and when your data needs to live to be sure it's always available
IT Consulting, Service and Management
Our decades of implementation and integration experience allows us to deliver best-of-class IT services to our customers
Cloud Services
With so many options and implementation scenarios available, let us help you determine how best to use new services available from the cloud.
Since 1996, our goal has been to help our clients maximize productivity and efficiency by expertly maintaining existing infrastructures, as well as designing and implementing new technologies, allowing them to continue growing into the future.
...
We focus on business process design and strategize and implement policies for continuous improvement and integration.
- Knowledgeable and friendly staff
- Flexible consumption-based pricing models
- Online strategy and consulting services
- Decades of experience
News, updates, trends and the latest
info you need to know about IT
October 23, 2024
Overview
A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers.
Description
The Wi-Fi Test Suite, as described by its developer, was originally created by the Wi-Fi Alliance—a global non-profit industry association responsible for Wi-Fi standards—to support the development of certification programs and device certification. This software was not designed for use in production environments. However, it has been discovered in commercial router deployments, exposing a vulnerbility in the test code in production. The Wi-Fi Test Suite contains vulnerable code that is susceptible to command injection attacks. An attacker can exploit this vulnerability by sending specially crafted packets to a device running the Wi-Fi Test Suite, allowing them to execute commands with administrative (root) privileges.
CVE-2024-41992
It is possible for an unauthenticated local attacker to use specially crafted packets to execute commands as root.
Impact
An attacker who successfully exploits this vulnerability can gain full administrative control over the affected device. With this access, the attacker can modify system settings, disrupt critical network services, or reset the device entirely. These actions can result in service interruptions, compromise of network data, and potential loss of service for all users dependent on the affected network.
Solution
The CERT/CC recommends that vendors, who have included the Wi-Fi Test Suite, to update it to version >=9.0 or remove it entirely from production devices to reduce the risk of exploitation.
Acknowledgements
Thanks to the reporter Noam Rathaus from SSD Disclosure. This document was written by Timur Snoke.
October 6, 2023
Update 10/8/2023 Data carrier indicated that there was a failure of one of their core routers. They have replaced it […]
March 8, 2023
As with most nerds these days, I have been pretty enamored with the ability of ChatGPT to cull data from the net and write some fairly amazing stuff with it.