Each Italy Wireless Mini Router WIRELESS-N 300M Plaintext Password Storage Vulnerability
Vulnerability
A vulnerability exists in the Each Italy Wireless Mini Router WIRELESS-N 300M, specifically in firmware version v28K.MiniRouter.20190211, because the device stores the administrator password in plaintext. The password is exposed through the web management interface pages '/login.htm' and '/pass.htm', which embed the credentials inside a script block in the HTML source. In addition, the session cookie is transmitted without any protection and contains a base64-encoded 'username:password' value that, once decoded, reveals the administrator credentials. Because the interface does not use HTTPS, all of this traffic can be intercepted by an attacker on the network path.
Impact
Exploitation of this vulnerability allows for unauthorized retrieval of administrator credentials, which could lead to further unauthorized access or actions within the device's management interface.
Reproduction
To reproduce this vulnerability, access the '/login.htm' or '/pass.htm' pages on the affected router. The administrator password is visible in plaintext within the HTML source. After logging in, the session cookie can be inspected and its base64-encoded value decoded to recover the credentials. Because the cookie is sent in cleartext, it can also be captured through network sniffing or by someone with physical access to the device.
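The two exposures above (a secret embedded in a page's script block, and a cookie whose value is base64 of 'username:password') can be checked for offline against responses captured from a device you administer. The following audit check is an added example and is not code from the advisory or the vendor; the sample page, the JavaScript variable names and the cookie name are constructed assumptions, since the advisory does not give the exact identifiers used by the firmware.

```python
"""Audit check for plaintext-credential exposure in captured HTTP responses.

Added example (not from the advisory). It looks for two weaknesses:
  1. credential-like variables assigned string literals inside <script> blocks;
  2. a cookie value that base64-decodes to a printable 'user:password' string.
The sample page and cookie below are constructed, not captured from a device.
"""
import base64
import binascii
import re

# Constructed sample page. ASSUMPTION: the real firmware's variable names are
# unknown; 'sysUser' / 'sysPassword' are placeholders for illustration only.
SAMPLE_LOGIN_PAGE = """<html><head><title>Login</title>
<script>
var sysUser = "admin";
var sysPassword = "s3cretPa55";
</script></head><body>...</body></html>"""

# Constructed Set-Cookie header whose value is base64("admin:s3cretPa55").
SAMPLE_COOKIE_HEADER = "Set-Cookie: session=YWRtaW46czNjcmV0UGE1NQ==; path=/"

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
# Heuristic: a variable whose name contains pass/pwd/secret/key assigned a
# quoted literal. Tune the name list to the code base being audited.
ASSIGN_RE = re.compile(
    r"""(?P<name>\w*(?:pass|pwd|secret|key)\w*)\s*=\s*["'](?P<value>[^"']+)["']""",
    re.I,
)
COOKIE_RE = re.compile(r"(?:Set-)?Cookie:\s*([^=]+)=([^;]+)", re.I)


def find_script_secrets(html):
    """Return (variable, value) pairs from script blocks whose name looks credential-like."""
    hits = []
    for block in SCRIPT_RE.findall(html):
        for m in ASSIGN_RE.finditer(block):
            hits.append((m.group("name"), m.group("value")))
    return hits


def decode_credential_cookie(header):
    """If the cookie value base64-decodes to printable 'user:password', return
    (cookie_name, user, password); otherwise return None.

    A random session token normally decodes to non-ASCII bytes (or is not valid
    base64 at all), so those cases fall through to None rather than a finding.
    """
    m = COOKIE_RE.search(header)
    if not m:
        return None
    name, value = m.group(1).strip(), m.group(2).strip()
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if not text.isprintable() or ":" not in text:
        return None
    user, _, password = text.partition(":")
    if not user or not password:
        return None
    return (name, user, password)


def audit(html, cookie_header):
    """Run both checks and return a list of human-readable findings."""
    findings = []
    for name, value in find_script_secrets(html):
        findings.append(f"script block exposes {name}={value!r}")
    cred = decode_credential_cookie(cookie_header)
    if cred is not None:
        findings.append(f"cookie '{cred[0]}' decodes to plaintext credentials for user {cred[1]!r}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_LOGIN_PAGE, SAMPLE_COOKIE_HEADER):
        print("FINDING:", line)
```

Run it against a saved copy of the login page and the raw response headers from your own device; an empty findings list from both checks is what a fixed firmware should produce. The cookie check deliberately rejects values that are not valid base64 or do not decode to printable ASCII, so opaque random session tokens are not reported.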
