2wcom IP-4c Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the 2wcom IP-4c running firmware version 2.15.5. Certain sensitive endpoints of the web interface are intended to be reachable by a manager-level account only after an admin has explicitly granted that permission. This restriction can be bypassed: a manager can intercept an ordinary request with a proxy such as Burp Suite, rewrite it to target one of the restricted endpoints, and have the device serve it, which indicates the permission is enforced in the interface rather than checked by the server on each request.

Impact

This is a vertical privilege escalation: a manager-level user can reach admin-only endpoints without the admin's grant, potentially leading to unauthorized configuration changes, exposure of sensitive data, or disruption of service.

Reproduction

To reproduce this vulnerability, log into the web interface as a manager-level user that has not been granted access to the admin-only functions. Route the browser through an intercepting proxy such as Burp Suite, capture any authenticated request, and change its target to one of the endpoints that should only be accessible to admins. Forward the modified request. If the device answers with the endpoint's normal content instead of rejecting the request, the access control check has been bypassed.

Remediation

It is recommended to enforce authorization on the server for every request to every sensitive endpoint, denying by default and allowing only the roles explicitly permitted for that endpoint; hiding links or buttons in the web interface is not a control. The access control logic of the web interface should be audited against the full list of endpoints, and the firmware should be updated to the latest version once a fix is available. As an interim measure, access to the management interface can be restricted to trusted IP addresses or a dedicated management network; note that this limits exposure but does not stop a manager account that already has legitimate access from performing the bypass.
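The following is an added illustration, not code from the 2wcom IP-4c firmware or from this advisory. It models the pattern described in the Vulnerability and Remediation sections in a small in-process dispatcher: a vulnerable handler that only checks for a valid session and relies on the UI to hide admin links, beside a hardened handler with an explicit per-route role requirement and deny-by-default. A probe function replays the Reproduction step (a manager session aimed directly at admin-only paths, as a Burp-modified request would be) against both. The endpoint paths, role names and ranking are assumptions for the example; the real device's endpoints are not named in the advisory.

```python
"""
Added example: vulnerable vs. deny-by-default authorization for a device
web interface. Paths, roles and sessions below are assumed for illustration
and are not taken from the 2wcom IP-4c.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Assumed role hierarchy and endpoint sets (hypothetical names).
ROLE_RANK = {"viewer": 1, "manager": 2, "admin": 3}
ADMIN_ONLY = {"/api/config/network", "/api/users", "/api/firmware/update"}
MANAGER_OK = {"/api/status", "/api/stream/start"}


@dataclass
class Request:
    path: str
    session_role: str  # role the server has bound to the session cookie


@dataclass
class Response:
    status: int
    body: str = ""


def handle_vulnerable(req: Request) -> Response:
    """Broken pattern: admin links are hidden from managers in the UI, but the
    server only verifies that a session exists. A manager who rewrites the
    request path (e.g. in Burp Suite) is served the admin endpoint."""
    if req.session_role not in ROLE_RANK:
        return Response(401, "not logged in")
    if req.path in ADMIN_ONLY or req.path in MANAGER_OK:
        return Response(200, "ok: " + req.path)
    return Response(404, "not found")


# Hardened pattern: every route declares the minimum role it needs.
REQUIRED_ROLE: Dict[str, str] = {
    **{p: "admin" for p in ADMIN_ONLY},
    **{p: "manager" for p in MANAGER_OK},
}


def authorize(req: Request) -> bool:
    """Server-side, per-request check. Unknown routes are denied, and the
    session's role must rank at least as high as the route requires."""
    needed = REQUIRED_ROLE.get(req.path)
    if needed is None:
        return False
    return ROLE_RANK.get(req.session_role, 0) >= ROLE_RANK[needed]


def handle_fixed(req: Request) -> Response:
    """Same dispatcher with authorization enforced before any work is done."""
    if req.session_role not in ROLE_RANK:
        return Response(401, "not logged in")
    if not authorize(req):
        return Response(403, "forbidden")
    return Response(200, "ok: " + req.path)


def probe_bypass(handler: Callable[[Request], Response],
                 role: str = "manager") -> List[str]:
    """Replay the Reproduction step: send a manager session directly at every
    admin-only path and return the paths that are served (status 200)."""
    return sorted(p for p in ADMIN_ONLY if handler(Request(p, role)).status == 200)


if __name__ == "__main__":
    print("vulnerable dispatcher, admin paths reachable as manager:",
          probe_bypass(handle_vulnerable))
    print("fixed dispatcher, admin paths reachable as manager:",
          probe_bypass(handle_fixed))
```

The point of the fixed version is that the route table, not the menu rendering, is the source of truth: a path missing from REQUIRED_ROLE is refused rather than silently allowed, so adding a new admin endpoint without declaring its role fails closed.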

Added: Sep 22, 2025, 6:26 PM
Updated: Sep 23, 2025, 12:09 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.