CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
This is due to the fact that the UART is accessible via the /dev/ttyUSB device path.
In the case of Mediatrix 4102, this could be exploited by a local attacker via unauthenticated remote code execution.
v48.5.2718 releases and later releases of Mediatrix 4102 are not vulnerable to this issue.
CVE-2018-1416 In the case of Mediatrix 4102, an attacker could manipulate the DHCP server on the device to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.
CVE-2018-1415 In the case of Mediatrix 4102, the DHCP server on the device could be manipulated by an attacker with local access to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.
CVE-2018-1414 In the case of Mediatrix 4102, the attacker could also manipulate the DHCP server on the device to issue an IP address to a host on the local network with the host’s privileges, which allows for unauthenticated remote code execution on the device.
CVE-2018-1413 In the case of Mediatrix 4102, the attacker could also manipulate the DHCP server on the device to issue an IP address to
Limitations and Mitigation
The following limitations and mitigations are effective in mitigating this attack vector. The IP address would need to be within the range of the DHCP server on the device.
The device's Ethernet port must not be used to connect to a network while under attack.
The device must be configured with an IPv4 address that is not in use by any other host on the local network so that it becomes the sole owner of that address range.
If a DHCP server is present on the device, it should only issue addresses for devices that have been pre-added to its "Preferred" list; no additional devices should be added to this list manually by users or via external means outside of this configuration step.
Step 0: Find out if you’re vulnerable to the DHCP issue
You can find out if you’re vulnerable by getting the device to prompt for a username and password. If it does, then Mediatrix 4102 is vulnerable. If not, then Mediatrix 4102 is not vulnerable.
Step 1: Update to the latest firmware version
The latest firmware version is v48.5.2718 or later. All other versions of Mediatrix 4102 are not affected by this vulnerability and do not need updating.
Timeline
Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/22/2022 00:33:00 UTC