Intelbras RX1500 and RX3000 Access Control Vulnerability Allowing Unauthenticated Access to Router Settings

Vulnerability

An access control vulnerability has been identified in the Intelbras RX1500 router running version 2.2.9 and the RX3000 router on version 1.0.11. This vulnerability allows unauthenticated attackers to access the routers' settings files and extract potentially sensitive information. The issue arises from a lack of proper permissions validation, enabling unauthorized users to download configuration files and log files containing sensitive data. Additionally, various router functionalities can be accessed without authentication if an administrator is logged in at the time of exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive router configuration files and logs, which may contain personal information or details about the user's network. Furthermore, the vulnerability allows for direct access to several router features, such as editing firewall rules and Wi-Fi settings, without authentication.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/cgi-bin/ExportSettings.sh' endpoint without authentication. This request should include the 'Export' parameter set to 'Export', which triggers the router to respond with the configuration file containing sensitive information. Alternatively, if an administrator is logged in, the same unauthenticated access can be achieved by sending requests to manipulate router settings or retrieve logs, taking advantage of the active administrative session.

Remediation

Users are advised to update to the patched firmware version 2.2.12 for the RX1500 and version 1.0.21 for the RX3000, both released in November 2024.
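The following is an added example, not part of the original advisory or any Intelbras tooling: a triage script that classifies a device inventory against the affected and fixed versions stated above, comparing versions numerically because a plain string comparison would rank 2.2.9 above 2.2.12. The status labels, function names and the sample inventory rows are assumptions made for illustration; only the model names and version numbers come from the advisory.

```python
import re

# Affected and fixed versions exactly as stated in the advisory.
ADVISORY = {
    "RX1500": {"affected": (2, 2, 9), "fixed": (2, 2, 12)},
    "RX3000": {"affected": (1, 0, 11), "fixed": (1, 0, 21)},
}

def parse_version(text):
    """Parse 'N.N.N' (optional leading 'v') into a tuple of ints, else None."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(part) for part in m.group(1).split(".")) if m else None

def classify(model, firmware):
    """Return one of: patched, confirmed-affected, below-fixed, unknown."""
    entry = ADVISORY.get(model.strip().upper())
    version = parse_version(firmware)
    if entry is None or version is None:
        return "unknown"             # model not in advisory or unreadable version
    if version >= entry["fixed"]:
        return "patched"
    if version == entry["affected"]:
        return "confirmed-affected"  # the exact version the advisory names
    # Older than the fixed release; the advisory does not list it, but it
    # also does not contain the fix, so treat it as needing an update.
    return "below-fixed"

def triage(inventory):
    """Attach a status to every (host, model, firmware) row."""
    return [(host, model, fw, classify(model, fw)) for host, model, fw in inventory]

# Constructed sample inventory (hostnames and rows are made up).
SAMPLE_INVENTORY = [
    ("branch-01", "RX1500", "2.2.9"),
    ("branch-02", "RX1500", "2.2.12"),
    ("branch-03", "rx3000", "v1.0.11"),
    ("branch-04", "RX3000", "1.0.20"),
    ("branch-05", "RX3000", "n/a"),
]

if __name__ == "__main__":
    for host, model, fw, status in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {model:7} {fw:8} {status}")
```

Rows reported as confirmed-affected or below-fixed are the ones to schedule for the firmware update described above.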

Added: Jul 31, 2025, 7:41 PM
Updated: Jul 31, 2025, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.