Multiple Issues in Libre Wireless LS9 Modules
We discussed this vulnerability during Episode 75 on 04 May 2021.
Some meme-worthy vulnerabilities here, like unauthenticated root ADB access. Don’t worry, it’s not enabled by default, but the request to enable it doesn’t require authentication.
luci_server is running on :7777. It uses a custom binary protocol, but there is a GETPASS command that doesn’t require authentication and can be used to retrieve the password.
The same service has various READ_ commands that can be used to read device config values without authentication, including things like the Wi-Fi password.