Xiaomi Mi WiFi R3G / found in nginx alias / Directory traversal vulnerability

Warning: any malicious actions utilising this Information are strictly prohibited.


<Attempt at directory traversal using the nginx alias vulnerability of the Xiaomi Mi WiFi R3G>

 


CVE-2019-18371

demonstrated by:

GET /api-third-party/download/extdisks../etc/config/account



An issue was discovered on the Xiaomi Mi WiFi R3G router: it has a directory traversal vulnerability that allows reading arbitrary files via a misconfigured NGINX alias.

With this vulnerability, the attacker can bypass authentication.
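The request above works because of how nginx joins a `location` prefix to an `alias` directory. The following is an added example (not code from the original post, and not the router's actual configuration): the nginx snippets are constructed to show the classic shape that produces this traversal, beside the corrected form, and the access-log lines are constructed too. It audits a config for the pattern, simulates how nginx would map the demonstrated URI under each config, and flags the attempt in sample log lines.

```python
"""Audit and detection helpers for the nginx 'alias' traversal behind CVE-2019-18371.

Added example; the configs and log lines are constructed for illustration and
are not taken from the Xiaomi Mi WiFi R3G firmware.
"""
import posixpath
import re
from typing import List, Optional, Tuple

# Constructed: the classic misconfiguration. The location prefix has no trailing
# slash while the alias does, so "/extdisks../x" maps to "/extdisks/../x" on disk.
VULNERABLE_CONF = """
location /api-third-party/download/extdisks {
    alias /extdisks/;
}
"""

# Constructed: with a trailing slash on the prefix, "/extdisks../x" no longer
# matches this location at all, so the alias is never applied to it.
FIXED_CONF = """
location /api-third-party/download/extdisks/ {
    alias /extdisks/;
}
"""

POC_URI = "/api-third-party/download/extdisks../etc/config/account"

_LOCATION_RE = re.compile(r"location\s+(?P<loc>\S+)\s*\{(?P<body>[^}]*)\}", re.S)
_ALIAS_RE = re.compile(r"\balias\s+(?P<dir>[^;\s]+)\s*;")


def find_alias_off_by_slash(conf: str) -> List[Tuple[str, str]]:
    """Return (location, alias) pairs where the prefix lacks a trailing slash
    but the alias target has one: the shape that permits traversal."""
    findings = []
    for m in _LOCATION_RE.finditer(conf):
        loc = m.group("loc")
        a = _ALIAS_RE.search(m.group("body"))
        if a and not loc.endswith("/") and a.group("dir").endswith("/"):
            findings.append((loc, a.group("dir")))
    return findings


def resolve_request(uri: str, location: str, alias: str) -> Optional[str]:
    """Simulate nginx prefix matching plus alias substitution; return the
    normalised filesystem path, or None when the location does not match."""
    if not uri.startswith(location):
        return None
    return posixpath.normpath(alias + uri[len(location):])


def escapes_alias(uri: str, location: str, alias: str) -> bool:
    """True when the mapped path lands outside the alias directory."""
    path = resolve_request(uri, location, alias)
    if path is None:
        return False
    root = alias.rstrip("/") + "/"
    return path != root.rstrip("/") and not path.startswith(root)


# Detection: a ".." hidden inside a segment ("extdisks../") survives nginx's own
# URI normalisation, so match any "../" anywhere in the request path.
_TRAVERSAL_RE = re.compile(r"\.\./")
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

SAMPLE_ACCESS_LOG = [  # constructed lines in nginx combined log format
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /api-third-party/download/extdisks../etc/config/account HTTP/1.1" 200 512 "-" "curl/7.64.1"',
    '198.51.100.2 - - [10/Oct/2020:13:55:40 +0000] "GET /api-third-party/download/extdisks/sda1/photo.jpg HTTP/1.1" 200 9981 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2020:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2201 "-" "curl/7.64.1"',
]


def scan_access_log(lines) -> List[Tuple[str, str, str]]:
    """Return (client_ip, path, status) for requests carrying a traversal sequence."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and _TRAVERSAL_RE.search(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), m.group("status")))
    return hits


if __name__ == "__main__":
    print("vulnerable config findings:", find_alias_off_by_slash(VULNERABLE_CONF))
    print("fixed config findings:", find_alias_off_by_slash(FIXED_CONF))
    print("PoC maps to:", resolve_request(POC_URI, "/api-third-party/download/extdisks", "/extdisks/"))
    print("PoC under fixed config:", resolve_request(POC_URI, "/api-third-party/download/extdisks/", "/extdisks/"))
    print("log hits:", scan_access_log(SAMPLE_ACCESS_LOG))
```

A status of 200 on a flagged line is the signal that matters: the fixed config makes the same request fall through to whatever else serves the site, so a non-200 response on the traversal path is consistent with the alias no longer being applied.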


Xiaomi Mi WiFi R3G : one of the 3G routers published by Xiaomi Corporation.

Backdoor : a type of malware/malicious program.

Malicious software designed to grant unwanted access to a remote attacker.
Remote attackers can send commands or take full control of a compromised computer.

In the world of cyber security, a backdoor refers to any method by which authorised or unauthorised users are able to get around normal security measures and gain high-level user access (e.g. root access) on a computer system, network, or software application.

Backdoor (computing) - Wikipedia

(Impact on Dilly Corporation : none)


ex:

vdivpn1.dilly:)corporation.com  ->  10.240.365.365 (meh)          ->  10.95.365.365
                                    (moving to designated proxy)      (NAT IP assigned in that proxy)

(How to find)
(VPN          : can be found in 'HOST' in the raw data.)
(Proxy/NAT IP : ask the admin who keeps the list of company cybersecurity assets.)


Scenario:
1) The attacker tried to access the employee VPN service remotely.
2) The proxy received the request packet and connected to the allocated NAT IP.
3) It seems that the request packet was blocked manually, as the final detected destination IP was the NAT IP.
Therefore, we can say that this attempt is not critical and did not succeed.
(If this conclusion sounds suspicious, you might try a replay attack to confirm it.)


Reason:  Ever since the US government announced that research had found a critical backdoor program in Xiaomi smartphones,
the company has not used any device/product from Xiaomi.

(It appears that the attacker simply tried random cyber vandalism to find out whether any specific Xiaomi products are in use.)



[Reference]

Backdoor - Namu Wiki (namu.wiki)

"If you bought a Chinese domestic-market model directly, you've been compromised… Xiaomi smartphone backdoor controversy" (upinews.kr)

Might there be any backdoor for the Chinese government in Xiaomi Android One phones? I'm about to buy Mi A2, and I wonder why it is so cheap. - Quora


https://nvd.nist.gov/vuln/detail/CVE-2019-18371

Xiaomi MiWiFi 3G - Default login IP, default username & password (192-168-1-1-ip.co)
