I have also submitted a CVE request in June 2024 (CVE Request 1744791).
- CSRF Vulnerability: Attackers can force a password reset without the user's consent, compromising administrative access.
- Hidden Telnet Backdoor: A persistent telnet server can be enabled, granting root access with the web admin password.
- Root Privilege Escalation: Gaining admin access results in full control over the device.
- Weak Session Tokens: Session tokens can be brute-forced, allowing hijacking of admin sessions.
- Eternal Sessions: Sessions persist indefinitely, exposing users to long-term vulnerabilities.
These vulnerabilities combine to form a dangerous attack vector, enabling local network attackers to take control of the router without user interaction. The potential for exploitation exists both through 0-click and 1-click methods, making this a pressing concern for users.
Immediate remediation is necessary, as is adherence to the GPL requirements associated with their OpenWrt-based firmware.
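Server-side mitigations for three of the issues listed above (brute-forceable session tokens, sessions that never expire, and a password-reset endpoint with no CSRF protection), as an added example that is not from the original post and not Mercku's firmware code; the `SessionStore` API, the lifetime values and the password-update step are constructed assumptions.

```python
import hmac
import math
import secrets
import time

ABSOLUTE_LIFETIME = 8 * 3600   # constructed policy: force re-login after 8 hours
IDLE_TIMEOUT = 15 * 60         # constructed policy: expire after 15 idle minutes


class SessionStore:
    """Hypothetical session store: random 256-bit tokens, bounded lifetimes,
    and a per-session CSRF token required for state-changing requests."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock so expiry can be tested
        self.sessions = {}        # token -> session record

    def create(self, user):
        token = secrets.token_urlsafe(32)   # 256 bits of CSPRNG output
        csrf = secrets.token_urlsafe(32)    # separate secret, sent in a form field
        t = self.now()
        self.sessions[token] = {"user": user, "csrf": csrf, "created": t, "last_seen": t}
        return token, csrf

    def validate(self, token):
        """Return the user for a live session, or None; expired sessions are dropped."""
        s = self.sessions.get(token)
        if s is None:
            return None
        t = self.now()
        if t - s["created"] > ABSOLUTE_LIFETIME or t - s["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[token]
            return None
        s["last_seen"] = t
        return s["user"]

    def reset_password(self, token, csrf_token, new_password):
        """Password reset needs a live session AND the matching CSRF token."""
        user = self.validate(token)
        if user is None or not hmac.compare_digest(self.sessions[token]["csrf"], csrf_token):
            return False
        # Constructed placeholder: persist new_password (hashed) for user here.
        # Then revoke every session of that user so an attacker cannot keep one alive.
        for tok in [k for k, v in self.sessions.items() if v["user"] == user]:
            del self.sessions[tok]
        return True


def keyspace_bits(token_len, alphabet_size):
    """Work factor of a uniformly random token; e.g. 8 hex chars is only 32 bits."""
    return token_len * math.log2(alphabet_size)
```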
Due to unacknowledged requests for responsible disclosure from Mercku, I have opted for full transparency. For a detailed examination of these findings, including proofs of concept and a complete discussion of the implications, please refer to the post at https://blog.nullvoid.me/posts/mercku-exploits.
Assistance in disseminating this information would be invaluable to ensure user awareness and prompt action from both Mercku and ISPs who distribute these devices.
Happy Hacking, [email protected]
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
