Mediabridge Medialink index.asp improper authentication

Vulnerability

The vulnerability resides in the /index.asp endpoint of the Mediabridge Medialink router, version V3.0 [1]. By manipulating the Cookie header with the value language=en; admin:language=en, an attacker can bypass the login authentication mechanism. The code path is reachable remotely without any prior authentication.

Exploitation

An attacker can exploit this by sending a crafted HTTP GET request to /index.asp with the specific Cookie header. No authentication or user interaction is required. The exploit has been publicly disclosed, including a proof-of-concept payload [1]. The request includes headers such as Referer: SVC://TARGET:PORT/login.asp and the malicious cookie.

Impact

Successful exploitation grants the attacker unauthorized access to the router's management interface. This can lead to full device compromise, including the ability to read sensitive configuration data, modify settings, or launch further attacks on the network. The impact is critical due to the lack of authentication required.

Mitigation

As of the publication date, no official patch or fix has been released by the vendor. Users are advised to restrict network access to the router's management interface (e.g., via firewall rules) and monitor for any vendor updates. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog at the time of writing.