Share: Email | Twitter

ID

VDE-2024-009

Published

2024-04-09 10:00 (CEST)

Last update

2024-04-09 10:07 (CEST)

Vendor(s)

Welotec GmbH

Product(s)

Article No° Product Name Affected Version(s)
6912TK515L00 TK515L < v2.3.0.r5542
6912TK515L0S TK515L Set < v2.3.0.r5542
6912TK515LW TK515L-W < v2.3.0.r5542
6912TK515WS TK515L-W Set < v2.3.0.r5542
6912TK525L00 TK525L < v2.3.0.r5542
6912TK525L0S TK525L Set < v2.3.0.r5542
6912TK525LW TK525L-W < v2.3.0.r5542
6912TK525LS TK525L-W Set < v2.3.0.r5542
6912TK525U00 TK525U < v2.3.0.r5542
6912TK525U0S TK525U Set < v2.3.0.r5542
6912TK525W00 TK525W < v2.3.0.r5542
6912TK525W0S TK525W Set < v2.3.0.r5542
6912TK535L00 TK535L1 < v2.3.0.r5542
6912TK535L0S TK535L1 Set < v2.3.0.r5542

Summary

Welotec has closed two vulnerabilities in the TK500v1 router series and advises to update the routers to firmware version r5542 or later. An exploitation of the vulnerabilities can allow an attacker to manipulate the device.

Vulnerabilities



Last Update
30. August 2024 09:25
Weakness
Improper Access Control (CWE-284)
Summary

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.

Last Update
30. August 2024 09:25
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

An remote attacker with low privileges can perform a command injection which can lead to root access.

Impact

Please consult the CVEs above.

Solution

Update the product to firmware v2.3.0.r5542 or later.

Reported by

Reported by BSI.

CERT@VDE coordinated with Welotec.