Security researchers have identified a few vulnerabilities in WiFi access points from Contec that are used primarily on airplanes, allowing attackers to take over devices with root privileges.
Like in any other situation, the Internet is provided in planes through access points that follow the same rules as a similar device on the ground. And, just like any other device, they face the same security challenges and are prone to problems.
Security researchers from Necrum Security Labs discovered a couple of vulnerabilities that allowed them to take over the WiFi access points from the FLEXLAN FXA2000 and FXA3000 series.
“After performing a reverse engineering of the firmware we discovered that a hidden page not listed in the Wireless LAN Manager interface allows to execute Linux commands on the device with root privileges,” explained the researchers regarding the CVE-2022-36158 vulnerability. “From here we had access to all the system files but also be able to open the telnet port and have full access on the device.”
The second vulnerability revealed another major problem for the devices. Manufacturers reserved the root account and used the same password for all devices. Security researchers managed to brute-force the credentials, which essentially meant they theoretically had direct access to all devices.
“The problem is that the owner of the device is only able to change the password for the account user from the web administration interface, because the root account is reserved for Contec, probably for maintenance purposes,” the security researchers said of CVE-2022-36159. “This means an attacker with the root hard coded password can access all FXA2000 series and FXA3000 series devices.”
Contec developers have already released a firmware upgrade for both the FX2000 and FX3000 series, as this is the only way to fix all security issues.