Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity on airplanes.
Thomas Knudsen and Samy Younsi from Necrum Security Labs first discovered the flaws, which were found to have affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec.
An advisory, referring to the vulnerability tracked as CVE-2022-36158, noted: “After performing reverse engineering of the firmware, we discovered that a hidden page not listed in the Wireless LAN Manager interface allows to execute Linux commands on the device with root privileges.”
A second vulnerability was also described in the advisory (tracked as CVE-2022-36159). This code refers to the use of weak hard-coded cryptographic keys and backdoor accounts.
The advisory listed: “During our investigation, we also found that the /etc/shadow file contains the hash of two users (root and user), which only took us a few minutes to recover by a brute–force attack.”