CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Flaw in ipTIME Routers Allows Remote Code Execution: Researcher

A researcher says there are 127 ipTIME router models plagued by a critical vulnerability that can be exploited by an unauthenticated attacker to remotely execute arbitrary code on affected devices.

A researcher says there are 127 ipTIME router models plagued by a critical vulnerability that can be exploited by an unauthenticated attacker to remotely execute arbitrary code on affected devices.

ipTIME is a brand of networking solutions developed by South Korea-based EFM Networks. The company’s products reportedly account for 60% of the personal networking devices market in South Korea, with roughly 10 million devices deployed in the country.

According to security researcher Pierre Kim, the firmware installed on many ipTIME routers is affected by a flaw that allows a remote attacker to bypass authentication and execute arbitrary code by using DHCP requests. The expert says the bug gives an attacker root access to the device’s embedded Linux system.

Kim says the vulnerability affects the default configuration of ipTIME routers running any firmware version released since 2009, including the latest 9.66 version released in June 2015. The vendor has also released version 9.68 of the firmware for certain devices, but the researcher believes this version is also likely vulnerable.

The researcher has noted that it’s possible to exploit this flaw to overwrite the firmware on ipTIME routers with a custom, backdoored firmware.

The vulnerability was uncovered by Kim in June 2014 and proof-of-concept (PoC) code was developed for it in April 2015. However, the vendor has not been notified.

“From my experience, contacting EFMNetworks ipTIME proved to be useless,” Kim wrote in an advisory published on Monday. “They don’t publish security information in the changelog, they don’t answer to security researchers and they don’t credit them either.”

In an advisory published last week, Kim revealed that ipTIME N104-r3 and likely other routers are also plagued by cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities. These issues have not been reported to the vendor either.

Advertisement. Scroll to continue reading.

Kim and Alexandre Torres had previously identified a remote code execution (RCE) vulnerability exploitable through HTTP requests. The bug affects a total of 112 routers, Wi-Fi access points, modems, and firewalls from ipTIME.

The experts attempted to notify ipTIME of this RCE bug in March 2015, but without success. They got through to ipTIME in April via the KOREA Computer Emergency Response Team (KrCERT) and the vulnerability was addressed by the vendor a few days later with the release of new firmware for the affected devices.

However, it appears the researcher is unhappy with the way ipTIME handles vulnerability reports, so he has decided to publicly disclose the existence of the latest bugs without informing the vendor.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.