Can you explain this vulnerability to me?

This vulnerability exists in multiple LB-LINK router models in the function bs_GetManPwd within the libblinkapi.so library, part of the /cgi-bin/lighttpd.cgi file. When exploited, it returns the administrator's username and password in plaintext directly to the client without any authentication checks. This allows unauthorized remote attackers to retrieve sensitive login credentials easily, leading to information disclosure. [1, 2]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can lead to unauthorized remote attackers obtaining the administrator's username and password in plaintext, compromising the confidentiality of the affected devices. This can allow attackers to gain unauthorized access to the router, potentially leading to further network compromise or misuse of the device. [1, 2]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a request to the /cgi-bin/lighttpd.cgi endpoint with the getmanpwd parameter and checking if the administrator's username and password are returned in plaintext without authentication. A simple detection command using curl would be: curl http://<router-ip>/cgi-bin/lighttpd.cgi?getmanpwd. If the response contains sensitive credentials in plaintext, the device is vulnerable. [1, 2]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying restrictive firewall rules to block unauthorized remote access to the affected devices, especially blocking access to the /cgi-bin/lighttpd.cgi endpoint. Since no vendor patch or response is available, preventing remote access to the vulnerable function is critical. Monitoring for exploit attempts and isolating affected devices from untrusted networks are also recommended. [2]

Useful 0 Not Useful 0