CVE-2023-6304: Defend Your Tecno Hotspot from Malicious Code Injection
In today’s hyper-connected world, the Tecno 4G Portable WiFi TR118 has emerged as a linchpin for digital nomads and remote workers, offering the allure of seamless 4G LTE internet access for up to 16 devices. With its robust 2600mAh battery ensuring up to 12 hours of connectivity and a handy 32GB microSD card for file storage, this device has become a go-to for many seeking internet on the go. However, lurking beneath the convenience of these devices lies a potential security vulnerability that could compromise your network and put your data at risk.
Dubbed CVE-2023-6304 and rated a concerning 7.2 on the Common Vulnerability Scoring System (CVSS), this flaw in the TR118’s firmware (version TR118-M30E-RR-DEnFrArSwHaPo-OP-V008-20220830) opens the door for an authenticated attacker on the same local network to execute arbitrary code via a craftily designed request. The exploit pivots around the device’s ping feature, a staple in network diagnostics.
The root cause here is the lack of server-side validation, which, coupled with client-side checks, sets the stage for blind command injection attacks.
The attack’s modus operandi is alarmingly straightforward. By leveraging tools like BurpSuite, a popular platform for testing web application security, attackers can intercept and modify network requests. They can then embed system commands within these requests, enclosed in backticks, which the TR118 unsuspectingly executes.
The proof-of-concept, demonstrating the exploit’s feasibility, has already made its way to public domains like drive.google.com, heightening the risk. Despite early warnings to the vendor, the lack of response or countermeasures leaves users dangerously exposed.
With no official fix or patch in sight, users are put at risk. The immediate, albeit inconvenient, recommendation is to consider alternative devices that do not harbor the CVE-2023-6304 vulnerability. For those committed to the TR118, vigilance and network hygiene become paramount. Restricting device access to trusted users and regularly monitoring network traffic for anomalies can serve as temporary band-aids.
