Bharti Airtel Xstream Fiber WiFi Weak Password Vulnerability

A vulnerability exists in Bharti Airtel Xstream Fiber WiFi routers, affecting versions through January 23, 2025. The issue arises from the WiFi Password Handler component, which implements a weak password scheme that can be easily brute-forced. The initial WiFi password consists of five random digits, prefixed by 'air', creating a predictable pattern. This vulnerability can be exploited by capturing the WiFi handshake and offline cracking the password, potentially leading to unauthorized access to the WiFi network and subsequent attacks, such as Man-in-the-Middle (MiTM) attacks.

Impact

Exploitation of this vulnerability allows for offline cracking of the WiFi password, leading to unauthorized access to the WiFi network. This access could be used to conduct further attacks, such as Man-in-the-Middle (MiTM) attacks.

Reproduction

To reproduce this vulnerability, first identify a vulnerable Airtel Xstream Fiber WiFi router by looking for SSIDs that follow a specific pattern. Once a vulnerable SSID is identified, capture the WiFi handshake using airodump-ng. After capturing the handshake, use aircrack-ng with a custom wordlist to crack the WiFi password. The wordlist can be generated using crunch to create a list of all possible five-digit combinations, which can then be formatted to match the password pattern used by Airtel.

Remediation

Users are advised to manually change the default WiFi password to something more secure. Consult the Airtel customer support or website for guidance on updating WiFi password settings.