DEV Systemtechnik DEV 7113 RF over Fiber Distribution System Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the DEV Systemtechnik DEV 7113 RF over Fiber Distribution System, specifically in the device firmware version 32-0078 H.01. This vulnerability allows unauthenticated attackers to access a hidden administrative endpoint at '/maintenance'. Exploitation of this vulnerability could lead to full device compromise, including unauthorized administrative access, factory resets, arbitrary reboots, disclosure of sensitive files, and potential remote code execution.

Impact

Exploitation of this vulnerability results in complete administrative access to the device, allowing for destructive actions such as factory resets and arbitrary reboots. Additionally, sensitive files can be accessed and uploaded support packages could potentially lead to remote code execution.

Reproduction

The vulnerability can be reproduced by sending a request to the '/maintenance' endpoint without authentication. This can be done using a web browser or a tool like cURL. Once access to the endpoint is gained, the various actions available through the maintenance interface can be performed, such as initiating a factory reset or downloading sensitive files.

Remediation

DEV Systemtechnik recommends requiring authentication for all '/maintenance' actions, implementing proper session management, adding re-authentication prompts for destructive actions, enforcing cryptographic signing of service packages, introducing role-based access control, and releasing an immediate firmware patch. Customers can block external access to the web UI, place the device behind a VPN or management VLAN, use a reverse proxy with Basic Auth or SSO, change the default ADMIN password, and monitor for access to the '/maintenance' endpoint.