Each Italy Wireless Mini Router Incorrect Access Control Vulnerability Allowing Arbitrary Credential Changes

Vulnerability

A vulnerability exists in the web management interface of the Each Italy Wireless Mini Router WIRELESS-N 300M, specifically in firmware version v28K.MiniRouter.20190211. The issue stems from incorrect access control, which allows attackers to change the administrator username and password arbitrarily by sending a crafted GET request. This vulnerability also affects the Telnet debug interface, as the changed credentials are shared between the web interface and Telnet. The login page of the web interface requires only the password, with the username hardcoded as 'admin' and not visible to users. Consequently, changing the username can lock legitimate users out of the interface.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the administrator username and password, disrupting access for legitimate users and potentially granting unauthorized access to the Telnet debug interface.

Reproduction

To reproduce this vulnerability, send a crafted HTTP GET request to the device's web management interface. Include the desired username and password in the request. The change will be applied immediately, affecting both the web interface and the Telnet debug interface.
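For detection, an added example (not part of the original advisory and not vendor code): a Python check over access logs from a proxy or network sensor in front of the management interface, flagging GET requests whose query string carries credential-like parameter names. The log format, the `/example_set.cgi` path and the parameter names are assumptions, since the advisory does not publish the actual request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Common Log Format, as a proxy or sensor in front
# of the router might record them. The path and parameter names are
# hypothetical placeholders; the advisory does not give the real request.
SAMPLE_LOG = """\
192.168.1.23 - - [01/Jan/2025:19:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
192.168.1.23 - - [01/Jan/2025:19:01:09 +0000] "POST /login.cgi HTTP/1.1" 302 0
192.168.1.77 - - [01/Jan/2025:19:04:41 +0000] "GET /example_set.cgi?username=x&newpass=y HTTP/1.1" 200 64
192.168.1.23 - - [01/Jan/2025:19:05:00 +0000] "GET /status.cgi?page=2 HTTP/1.1" 200 900
192.168.1.77 - - [01/Jan/2025:19:06:13 +0000] "GET /example_set.cgi?PASSWD=z HTTP/1.1" 200 64
"""

# source, timestamp, method, request target and status from one log line
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Heuristic key-name patterns (assumption: tune to the names seen on your device)
USER_KEY = re.compile(r"user|login|account", re.I)
PASS_KEY = re.compile(r"pass|pwd", re.I)


def find_credential_gets(log_text):
    """Return one finding per GET request with credential-like query keys."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # state changes via POST are out of scope for this check
        parts = urlsplit(m["target"])
        keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        has_user = any(USER_KEY.search(k) for k in keys)
        has_pass = any(PASS_KEY.search(k) for k in keys)
        if has_user or has_pass:
            findings.append({
                "src": m["src"], "time": m["ts"], "path": parts.path,
                "keys": sorted(keys),  # key names only, never the values
                # both keys together matches the username+password change
                "severity": "high" if has_user and has_pass else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in find_credential_gets(SAMPLE_LOG):
        print(finding)
```

Findings record parameter names only, so the alert itself does not copy the submitted credentials into another log.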

Added: Oct 30, 2025, 7:17 PM
Updated: Oct 30, 2025, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.