CVE-2017-13718

The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:11

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html - Third Party Advisory, VDB Entry
References () https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf - Exploit, Third Party Advisory () https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf - Exploit, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Jun/8 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Jun/8 - Mailing List, Third Party Advisory

Information

Published : 2019-06-10 22:29

Updated : 2024-11-21 03:11


NVD link : CVE-2017-13718

Mitre link : CVE-2017-13718

CVE.ORG link : CVE-2017-13718


JSON object : View

Products Affected

starry

  • s00111_firmware
  • s00111
CWE
CWE-254

7PK - Security Features