(09-20-2021, 08:49 PM)jtn0514 Wrote: https://cve.mitre.org/cgi-bin/cvename.cg...2021-31698
https://nns.ee/blog/2021/04/03/modem-rce.html
Curious how to know if the chipset in your device is vulnerable at this point. The CVE states the following: "Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon."
This is pretty bad news if this is the case and it hasn't been addressed or patched somehow with a firmware update. Would love to see some further input on this if anyone has any more info on how to patch against this.
An attacker that can execute arbitrary AT commands (that is, has access to the modem's USB interfaces) can already do whatever he wants to your modem; he can even enable root adb access and modify anything inside your modem. There's 0 protection.
See https://xnux.eu/devices/feature/modem-pp.html (unlock adb access)
No need for crazy hacks. Just enable root shell and have fun.
Or the attacker can just directly ask the modem to reboot and enable flashing mode, and replace the fw with the attacker's image. That can be done over the debug interface; not even AT access is needed.
Etc.
my website: https://xnux.eu