Wattsense Bridge Bootloader and Root Shell Access Vulnerability via Serial Interface
Vulnerability
A vulnerability in Wattsense Bridge devices allows an attacker with physical access to the printed circuit board (PCB) to exploit a serial interface. This access enables interaction with the device's bootloader and, subsequently, a root shell. The issue is present in Wattsense Bridge firmware versions prior to 6.4.1 and has been documented by SEC Consult.
Impact
Exploiting this vulnerability gives someone with physical access to the device access to its bootloader, allowing a backdoor to be created by adding a new root user. Once the backdoor account is established, it can be used to access the device's Linux system via a login prompt, effectively granting full control over the device.
Reproduction
The vulnerability can be reproduced by physically accessing the Wattsense Bridge PCB and connecting to the serial interface pin header. After establishing a connection with a serial-USB adapter, the bootloader can be accessed and manipulated to create a root shell. This root shell can then be used to backdoor the device by adding a new root user, which can be logged into later.
Remediation
Users are advised to update to Wattsense Bridge firmware version 6.4.1 or later.
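To check whether a device already carries the kind of extra root account described under Impact, a defender can audit copies of its account files. The following is an added example, not code from SEC Consult or Wattsense; it assumes the device uses standard Linux passwd/shadow formats, and the account names and hashes in the sample data are constructed.

```python
# Added example: flag UID-0 accounts other than "root" in passwd/shadow copies.
# Assumes standard Linux passwd(5)/shadow(5) layouts; all sample data is constructed.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc:x:0:0::/root:/bin/sh
maint:x:0:0::/root:/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:$6$constructed$hash:19500:0:99999:7:::
maint:!:19500:0:99999:7:::
"""

def parse_shadow(shadow_text):
    """Map account name -> password field from shadow-format text."""
    fields_by_name = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not parts[0].startswith("#"):
            fields_by_name[parts[0]] = parts[1]
    return fields_by_name

def find_extra_root_accounts(passwd_text, shadow_text="", expected=("root",)):
    """Return one finding per UID-0 account whose name is not in `expected`."""
    shadow = parse_shadow(shadow_text)
    findings = []
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or parts[0].startswith("#"):
            continue  # skip blanks, comments and malformed entries
        name, pw, uid, _gid, _gecos, _home, shell = parts
        if not uid.isdigit() or int(uid) != 0 or name in expected:
            continue
        # "x" means the real password field lives in shadow.
        pw_field = shadow.get(name) if pw == "x" else pw
        # Locked ("!" / "*" prefix) or missing shadow entry: no password login.
        usable = pw_field is not None and not pw_field.startswith(("!", "*"))
        findings.append({"name": name, "shell": shell,
                         "can_login": usable and shell not in NOLOGIN_SHELLS})
    return findings

if __name__ == "__main__":
    for f in find_extra_root_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f)
```

Any finding with `can_login` set to true is an account that can reach the login prompt with root privileges and should be investigated.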
