CVE-2021-27175

Vulnerability

The FiberHome HG6245D device, including firmware versions up to RP2613, stores the wireless configuration file wifictl_2g.cfg in cleartext with 0644 permissions, making the file readable by any user on the system. This file contains Wi-Fi passwords (and potentially other credentials) without encryption or obfuscation [1].

Exploitation

An attacker with local access to the device (e.g., via a shell obtained through another vulnerability, or physical access) can simply read /tmp/wifictl_2g.cfg or its location in the filesystem to retrieve the cleartext passwords. No authentication or special privilege is required beyond the ability to execute a file read command [1].

Impact

Successful exploitation leads to disclosure of Wi-Fi credentials, allowing the attacker to connect to the wireless network and perform further attacks on networked devices. This compromises confidentiality of network access credentials [1].

Mitigation

As of the publication date (2021-02-10), firmware version RP2613 is still vulnerable. No fix has been released by FiberHome. Restrict physical and logical access to the device to trusted users only. Monitor for future firmware updates that may address this issue [1].