A popular Wi-Fi extender for the home has multiple unpatched vulnerabilities, including the use of a weak, default password, according to researchers. Two of the bugs could also allow complete remote control of the device.

The flaws have been found in the Tenda PA6 Wi-Fi Powerline extender, version 1.0.1.21, which extends the wireless network throughout the house using HomePlug AV2 technology.

“A compromised device can become part of an internet of things (IoT) botnet that launches distributed denial-of-service (DDoS) attacks, used to pivot to other connected devices, leveraged to mine for cryptocurrency or used in various other unauthorized ways,” explained researchers at IBM X-Force, in a posting last week.

Web Server Woes

The first two bugs are a command-injection issue (CVE-2019-16213) and a critical buffer overflow (CVE-2019-19505). They are found in the extender device’s web server, under a process named “httpd.”

The command-injection vulnerability carries a rating of 8.8 out of 10 on the CVSS severity scale. It arises from the fact that under the “Powerline” section in the user interface (UI) of the extender’s web server, the user can see and change the name of the other powerline communication (PLC) devices which are attached to the same powerline network.

An authenticated user can inject an arbitrary command just by changing the device name of an attached PLC adapter with a specially crafted string, the researchers noted. Since the web server is running with root…
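A device name that a UI user can edit, handled by a process running as root, calls for an allow-list check and a shell-free way of passing it on. The following is an added example, not Tenda's firmware code and not from the IBM X-Force write-up; the function names, the 32-character limit, the helper path and its `--set-name` flag are all hypothetical.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PLC_NAME_MAX 32  /* assumed limit, not taken from the firmware */

/* Return 1 if the name is non-empty, within the length cap and made only of
 * letters, digits, space, '-' and '_'; return 0 otherwise. */
int plc_name_is_valid(const char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > PLC_NAME_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == ' ' || c == '-' || c == '_';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Run a (hypothetical) helper with the name as a single argv entry. No shell
 * is involved, so the name is never parsed as command text. Returns the
 * helper's exit status, or -1 if the name is rejected or the helper cannot
 * be run. */
int plc_set_name(const char *helper, const char *name)
{
    pid_t pid;
    int status;

    if (!plc_name_is_valid(name))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(helper, helper, "--set-name", name, (char *)NULL);
        _exit(127);  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status);
}
```

The two layers are independent: the allow-list rejects shell metacharacters outright, and passing the name through `execl` means even a name that slipped past validation would reach the helper as data rather than as a command line.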
