Beetel 777VR1 Information Disclosure Vulnerability via UART Interface

A vulnerability exists in the Beetel 777VR1 router, specifically in firmware versions up to 01.00.09/01.00.09_55. The issue lies within the UART interface, where sensitive authentication credentials are logged in cleartext during the boot process. This information includes WPA2-PSK values for wireless interfaces, WPS credentials, and other provisioning parameters. The vulnerability can be exploited by an attacker with physical access to the device's UART interface, allowing them to passively capture these credentials as they are logged. The exploitation is considered to have high complexity, and while the vulnerability is difficult to exploit, a public exploit is available.

Impact

Successful exploitation of this vulnerability leads to the unauthorized disclosure of Wi-Fi credentials and provisioning secrets, enabling unauthorized access to the network.

Reproduction

The vulnerability can be reproduced by connecting to the UART interface of a Beetel 777VR1 router running a vulnerable firmware version. During the boot process, sensitive credentials are automatically logged in cleartext to the UART console. This leakage can be observed passively, without any need for authentication or interaction.