Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Flaw in ipTIME Routers Allows Remote Code Execution: Researcher

A researcher says there are 127 ipTIME router models plagued by a critical vulnerability that can be exploited by an unauthenticated attacker to remotely execute arbitrary code on affected devices.

A researcher says there are 127 ipTIME router models plagued by a critical vulnerability that can be exploited by an unauthenticated attacker to remotely execute arbitrary code on affected devices.

ipTIME is a brand of networking solutions developed by South Korea-based EFM Networks. The company’s products reportedly account for 60% of the personal networking devices market in South Korea, with roughly 10 million devices deployed in the country.

According to security researcher Pierre Kim, the firmware installed on many ipTIME routers is affected by a flaw that allows a remote attacker to bypass authentication and execute arbitrary code by using DHCP requests. The expert says the bug gives an attacker root access to the device’s embedded Linux system.

Kim says the vulnerability affects the default configuration of ipTIME routers running any firmware version released since 2009, including the latest 9.66 version released in June 2015. The vendor has also released version 9.68 of the firmware for certain devices, but the researcher believes this version is also likely vulnerable.

The researcher has noted that it’s possible to exploit this flaw to overwrite the firmware on ipTIME routers with a custom, backdoored firmware.

The vulnerability was uncovered by Kim in June 2014 and proof-of-concept (PoC) code was developed for it in April 2015. However, the vendor has not been notified.

“From my experience, contacting EFMNetworks ipTIME proved to be useless,” Kim wrote in an advisory published on Monday. “They don’t publish security information in the changelog, they don’t answer to security researchers and they don’t credit them either.”

In an advisory published last week, Kim revealed that ipTIME N104-r3 and likely other routers are also plagued by cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities. These issues have not been reported to the vendor either.

Kim and Alexandre Torres had previously identified a remote code execution (RCE) vulnerability exploitable through HTTP requests. The bug affects a total of 112 routers, Wi-Fi access points, modems, and firewalls from ipTIME.

The experts attempted to notify ipTIME of this RCE bug in March 2015, but without success. They got through to ipTIME in April via the KOREA Computer Emergency Response Team (KrCERT) and the vulnerability was addressed by the vendor a few days later with the release of new firmware for the affected devices.

However, it appears the researcher is unhappy with the way ipTIME handles vulnerability reports, so he has decided to publicly disclose the existence of the latest bugs without informing the vendor.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.