This is due to the fact that the UART is accessible via the /dev/ttyUSB device path.

In the case of Mediatrix 4102, this could be exploited by a local attacker via unauthenticated remote code execution.

v48.5.2718 releases and later releases of Mediatrix 4102 are not vulnerable to this issue.

CVE-2018-1416 In the case of Mediatrix 4102, an attacker could manipulate the DHCP server on the device to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.

CVE-2018-1415 In the case of Mediatrix 4102, the DHCP server on the device could be manipulated by an attacker with local access to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.

CVE-2018-1414 In the case of Mediatrix 4102, the attacker could also manipulate the DHCP server on the device to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.

CVE-2018-1413 In the case of Mediatrix 4102, the attacker could also manipulate the DHCP server on the device to issue an IP address to

Limitations and Mitigation

The following limitations and mitigations are effective in mitigating this attack vector. The IP address would need to be within the range of the DHCP server on the device.
The device's Ethernet port must not be used to connect to a network while under attack.
The device must be configured with an IPv4 address that is not in use by any other host on the local network so that it becomes the sole owner of that address range.
If a DHCP server is present on the device, it should only issue addresses for devices that have been pre-added to its "Preferred" list; no additional devices should be added to this list manually by users or via external means outside of this configuration step.

Step 0: Find out if you’re vulnerable to the DHCP issue

You can find out if you’re vulnerable by getting the device to prompt for a username and password. If it does, then Mediatrix 4102 is vulnerable. If not, then Mediatrix 4102 is not vulnerable.

Step 1: Update to the latest firmware version

The latest firmware version is v48.5.2718 or later. All other versions of Mediatrix 4102 are not affected by this vulnerability and do not need updating.

Timeline

Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/22/2022 00:33:00 UTC

References