Axel Technology WOLF1MS and WOLF2MS Broken Access Control Vulnerability

A broken access control vulnerability has been identified in Axel Technology WOLF1MS and WOLF2MS devices running firmware versions 0.8.5 to 1.0.3. The vulnerability arises from missing authentication on the '/cgi-bin/gstFcgi.fcgi' endpoint, allowing unauthenticated remote attackers to access sensitive administrative functions. Exploitation of this vulnerability enables attackers to list user accounts, create new administrative users, delete existing users, and modify system settings, potentially leading to a full compromise of the device.

Impact

Exploitation of this vulnerability allows for unauthorized access to administrative functions, including user account management and system settings modification. This could result in unauthorized privilege escalation and complete control over the affected device.

Reproduction

The vulnerability can be reproduced by sending unauthenticated POST requests to the '/cgi-bin/gstFcgi.fcgi' endpoint. This can be done using tools like curl or through a Python script that automates the process. The absence of authentication checks on this endpoint allows for direct access to administrative functions.

Remediation

To address this vulnerability, it is recommended to implement authentication for all sensitive endpoints, enforce role-based access control, and restrict administrative access to trusted IP addresses. Until a patch is available, administrators should monitor network traffic for suspicious activity and require a VPN or secure tunnel for administrative access.