CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.

CVSS v3 9.8 CRITICAL
CVSS v2.0 9.3 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:librewireless:ls9_firmware:7040:*:*:*:*:*:*:*

cpe:2.3:h:librewireless:ls9:-:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-306

19 May 2021, 14:21

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.3 v3 : 9.8
References	~~(MISC) https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ -~~	(MISC) https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ - Exploit, Third Party Advisory
CWE		CWE-269
CPE		cpe:2.3:o:librewireless:ls9_firmware:7040:::::::* cpe:2.3:h:librewireless:ls9:-:::::::*

03 May 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-03 21:15

Updated : 2023-12-10 13:55

NVD link : CVE-2020-35757

Mitre link : CVE-2020-35757

CVE.ORG link : CVE-2020-35757

JSON object : View

Products Affected

librewireless

ls9
ls9_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2020-35757", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-05-03T21:15:07.270", "references": [{"url": "https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Libre Wireless LS9 versi\u00f3n LS1.5/p7040. Se presenta un acceso ADB Root No Autenticado a trav\u00e9s de TCP. La interfaz web LS9 proporciona una funcionalidad para acceder a ADB a trav\u00e9s de TCP. Esto no est\u00e1 habilitado por defecto, pero puede ser habilitado mediante el env\u00edo de una petici\u00f3n dise\u00f1ada a un endpoint de la interfaz de administraci\u00f3n web. Las peticiones realizadas a este endpoint no requieren autenticaci\u00f3n. Como tal, cualquier usuario no autenticado que pueda acceder a la interfaz web podr\u00e1 obtener privilegios de root en el m\u00f3dulo LS9."}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:librewireless:ls9_firmware:7040:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD8392D3-FEA4-4BFA-A35C-2E17F9081F31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:librewireless:ls9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "70E3ECA6-A10C-4234-B879-08AB7342CBAA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}