Zero-Day Remote 'Root' Exploit Disclosed Inward At&T Directv Wvb Devices

Security researchers direct keep publicly disclosed an unpatched zero-day vulnerability inward the firmware of AT&T DirecTV WVB kit after trying to larn the device manufacturer to spell this easy-to-exploit flaw over the past times few months.

The work is alongside a substance gene of the Genie DVR organization that's shipped gratuitous of terms alongside DirecTV in addition to tin post away locomote easily exploited past times hackers to gain root access in addition to convey total command of the device, placing millions of people who've signed upward to DirecTV service at risk.

The vulnerability truly resides inward WVBR0-25—a Linux-powered wireless video span manufactured past times Linksys that AT&T provides to its novel customers.

DirecTV Wireless Video Bridge WVBR0-25 allows the primary Genie DVR to communicate over the air alongside customers' Genie client boxes (up to 8) that are plugged into their TVs roughly the home.

Trend Micro researcher Ricky Lawshae, who is also a DirecTV customer, decided to convey a closer expression at the device in addition to works life that Linksys WVBR0-25 hands out internal diagnostic information from the device's spider web server, without requiring whatever authentication.

When trying to browse to the wireless bridge's spider web server on the device, Lawshae was expecting a login page or similar, merely instead, he works life "a wall of text streaming earlier [his] eyes."

Once there, Lawshae was able to run across the output of several diagnostic scripts containing everything almost the DirecTV Wireless Video Bridge, including the WPS pin, connected clients, running processes, in addition to much more.

What's to a greater extent than worrisome was that the device was accepting his commands remotely in addition to that also at the "root" level, pregnant Lawshae could direct keep run software, exfiltrate data, encrypt files, in addition to create almost anything he wanted on the Linksys device.

"It literally took xxx seconds of looking at this device to discovery in addition to verify an unauthenticated, remote root command injection vulnerability. It was at this indicate that I became pretty frustrated," Lawshae wrote inward an advisory published Wed on Trend Micro-owned Zero Day Initiative (ZDI) website. 

"The vendors involved hither should direct keep had some shape of secure evolution to preclude bugs similar this from shipping. More than that, nosotros every bit safety practitioners direct keep failed to ship upon the changes needed inward the manufacture to preclude these elementary nevertheless impactful bugs from reaching unsuspecting consumers."

Lawshae also provided a video, demonstrating how a quick in addition to straightforward hack allow anyone larn a root musical rhythm out on the DirecTV wireless box inward less than xxx seconds, granting them total remote unauthenticated admin command over the device.

The vulnerability was reported past times the ZDI Initiative to Linksys to a greater extent than than half-dozen months ago, merely the vendor ceased communication alongside the researcher in addition to had nevertheless non fixed the problem, leaving this easy-to-exploit vulnerability unpatched in addition to opened upward for hackers.

So, later over one-half a year, ZDI decided to publicize the zero-day vulnerability, in addition to recommended users to boundary their devices that tin post away interact alongside Linksys WVBR0-25 "to those that truly require to reach" inward lodge to protect themselves.

Share This :