Shenzhen Yuner WDR201A WiFi Extender Unprotected UART Interface Vulnerability

A vulnerability exists in the Shenzhen Yuner WDR201A WiFi extender, specifically in hardware version 2.1 and firmware version LFMZX28040922V1.02. The device exposes an unprotected UART interface through accessible hardware pads on the printed circuit board (PCB). This vulnerability allows for physical access to the device's bootloader and could potentially be exploited to read or modify firmware.

Impact

Exploitation of this vulnerability allows for unprotected access to the device's bootloader via the UART interface, enabling firmware modification or extraction. In this case, the vulnerability was exploited to access the U-Boot console, dump the firmware, and execute commands that could lead to remote code execution.

Reproduction

The vulnerability can be reproduced by physically accessing the device and soldering wires to the exposed UART pads on the PCB. Once the UART interface is connected to a UART-to-USB converter, the device's boot log can be read, and commands can be sent to the U-Boot console. After dumping the firmware, the extracted firmware can be analyzed for further vulnerabilities.