Alcatel-Lucent OmniAccess Stellar AP1100
cpe:2.3:h:alcatel-lucent:omniaccess_wireless:*:*:*:*:*:*:*
- <= 5.0.2GA
A vulnerability exists in the web management interface of Alcatel-Lucent OmniAccess Stellar Access Points in the AP1100, AP1200, AP1300, AP1400, and AP1500 families, all running AWOS versions 5.0.2GA and earlier. It allows an unauthenticated attacker to spoof a login request and obtain a valid session ID with administrator privileges. Exploitation could enable the attacker to modify the behavior of the access point. The root cause is that the API signature is generated using a hard-coded key, so payloads can be crafted that bypass authentication.
Exploitation of this vulnerability could lead to unauthorized access with administrator privileges, allowing for modifications to the access point's behavior. This vulnerability is part of a group of vulnerabilities that could collectively allow an attacker to gain full control over the access point.
Users are advised to upgrade to AWOS 5.0.2MR1. For those managing OmniAccess Stellar APs, it is recommended to use the OmniVista management platform and disable the web interface on the access points.
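The sketch below is an added illustration of the flaw class described above, not code from AWOS or from the vendor. It shows why a request signature keyed with a value shipped in every firmware image authenticates nothing, next to a verifier whose key is generated on the device. The page does not describe the actual signature scheme, so HMAC-SHA256, the key, the request body and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder for a key compiled into every firmware image.
FIRMWARE_KEY = b"constructed-key-identical-on-every-unit"


def sign(key: bytes, body: bytes) -> str:
    """HMAC-SHA256 over a request body (hypothetical scheme, assumed here)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class WeakVerifier:
    """Accepts any request signed with the firmware-wide key."""

    def verify(self, body: bytes, signature: str) -> bool:
        return hmac.compare_digest(sign(FIRMWARE_KEY, body), signature)


class PerDeviceVerifier:
    """Uses a secret created on the device and never shipped in firmware."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # unique per unit, made at first boot

    def issue_signature(self, body: bytes) -> str:
        # Assumed to be reachable only after real credential verification.
        return sign(self._key, body)

    def verify(self, body: bytes, signature: str) -> bool:
        return hmac.compare_digest(sign(self._key, body), signature)


def demo() -> dict:
    """Compare how both verifiers treat a signature computed off-device."""
    body = b'{"request":"constructed-sample"}'  # constructed request body
    outsider_sig = sign(FIRMWARE_KEY, body)  # computable by anyone with the image
    device = PerDeviceVerifier()
    return {
        "weak_accepts_outsider": WeakVerifier().verify(body, outsider_sig),
        "per_device_accepts_outsider": device.verify(body, outsider_sig),
        "per_device_accepts_own": device.verify(body, device.issue_signature(body)),
    }


if __name__ == "__main__":
    print(demo())
```

A signature check only proves possession of the key, so it is an authentication control only when the key is secret from the caller; a firmware-wide constant is not.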