Software vulnerabilities that affect critical network infrastructure components, in this case wireless routers, can be particularly dangerous compared with common everyday software weaknesses. Although vulnerabilities in other software are much more common, router software vulnerabilities do happen and have been reported by established global hardware providers like Cisco, D-Link, and NetGear, for example zero-day flaws, management interface security flaws, and issues with smart switches. Companies like these provide routers to people and businesses all over the world, which makes such vulnerabilities all the more concerning.
Why Are Routers Vulnerable?
A router deals with internet traffic directly, before it gets to the OS and the computer itself. As such, a router is the first line of defense, the most critical component in a connected system. However, internal router security is often not commensurate with the key tasks a router has to deal with. This is especially true where consumer routers are concerned. One of the reasons for this is that typical ISP routers usually have very lax security by default, lack antivirus protection, and often do not have firewall protection. Secondly, router software is “developed as cheaply as possible” and router software patches are few and far between.
Multiple Vulnerabilities Affecting ZTE MF971R Routers
In yet another instance of router vulnerabilities, two reports published by Cisco Talos Intelligence Group on October 18th, 2021 detail multiple vulnerabilities affecting ZTE’s MF971R portable router model line. Specifically, the vulnerabilities stem from a part of the ZTE MF971R web application. The vulnerabilities can easily lead to complete system compromise by a remote malicious threat. The software vulnerabilities were discovered by Marcin ‘Icewall’ Noga of Cisco Talos.
ZTE routers are produced in China. ZTE, along with Huawei, was banned in the United States due to the United States’ suspicions concerning the intentions of the two companies. Both companies are heavily invested in 5G network technology, as well as cloud computing, Big Data, and IoT.
Technical Details About The Software Vulnerability
- A Stack-based Buffer Overflow vulnerability (CVE-2021-21748) allows a remote attacker to execute arbitrary code on the target system. It exists due to a boundary error in ADB_MODE_SWITCH API-related code. A remote unauthenticated attacker can trick a victim into visiting a specially crafted link, trigger a stack-based buffer overflow and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
- A similar second Stack-based Buffer Overflow vulnerability (CVE-2021-21749) can lead to the complete compromise of a vulnerable system.
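An added illustration of the bug class described above, not ZTE's firmware code and not taken from the Talos reports: a request handler that copies a parameter into a fixed stack buffer without a length check, next to a version that measures the value and rejects it if it does not fit. The query-string layout, the `cmd` and `mode` parameter names, the buffer size, the return codes and the function names are all assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define MODE_BUF_LEN 16   /* assumed size of the handler's stack buffer */

enum { REQ_OK = 0, REQ_MISSING = -1, REQ_TOO_LONG = -2, REQ_BAD_VALUE = -3 };

/* Weak pattern, for comparison only: the copy length comes from the
 * request, not from the destination, so a long value overruns `mode`. */
int mode_switch_unchecked(const char *value) {
    char mode[MODE_BUF_LEN];
    strcpy(mode, value);
    return mode[0] == '1' ? 1 : 0;
}

/* Find `key` in a query string "a=1&b=2"; on success point *val at the
 * value and set *len to its length (the value is not NUL-terminated). */
static int find_param(const char *query, const char *key,
                      const char **val, size_t *len) {
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        if (seg > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *val = p + klen + 1;
            *len = seg - klen - 1;
            return 1;
        }
        p = end ? end + 1 : NULL;
    }
    return 0;
}

/* Hardened pattern: measure first, reject anything that does not fit,
 * copy with the validated length, then allow-list the value. */
int mode_switch_checked(const char *query, int *mode_out) {
    char mode[MODE_BUF_LEN];
    const char *val;
    size_t len;
    if (!find_param(query, "mode", &val, &len)) return REQ_MISSING;
    if (len >= sizeof mode) return REQ_TOO_LONG;   /* leave room for NUL */
    memcpy(mode, val, len);
    mode[len] = '\0';
    if (strcmp(mode, "0") != 0 && strcmp(mode, "1") != 0) return REQ_BAD_VALUE;
    *mode_out = mode[0] - '0';
    return REQ_OK;
}
```

Rejecting an over-long value outright, rather than silently truncating it, also gives the device a clear event to log when a malformed request arrives.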
Exploitable PoC Confirmed
An exploit Proof of Concept (PoC) has been confirmed as available for both of the above software vulnerabilities.
Vulnerable Software Versions
All software versions of the ZTE MF971R model router are affected by the above software vulnerabilities.
Important User Information
Since there is a working exploit (as proven by a public PoC) that puts users of these routers at risk, it is advisable that users immediately patch their router software. ZTE is an open-source platform, and as such to update to the latest secure version users may;