Vulnerabilities in Goodmill Systems w24e and w24h routers

Vulnerability 16/2018

Three privilege escalation vulnerabilities have been found in the firmware of Goodmill Systems w24e and w24h routers. In affected routers, a logged-in user could escalate their privileges without authorization. Goodmill Systems has released a new firmware version that addresses the vulnerabilities.

A user account used for administrative purposes has been removed from the firmware: the "remote_user" account used hardcoded credentials. Goodmill Systems is a Finnish company whose connectivity products are used, for example, in vehicles. Please contact the vendor for more information about the update process.

Vulnerability coordination:

The vulnerability was found by Antti Tönkyrä, Mika Järvinen, Mikko Kenttälä and Ossi Salmi. NCSC-FI would like to thank the finders and the vendor for participating in the coordination.

Target

  • Network devices

Attack vector

  • Remote
  • Local

Impact

  • Security bypass
  • Expansion of access rights

Remediation

  • Software update patch
  • Restriction of the problem

Vulnerable software

  • w24e SW versions 4.0.3.x, 4.0.4, 4.0.5.x, 4.0.6.x before version 4.0.6.4
  • w24h SW versions before version 1.2.0.3

Possible solutions

The vendor recommends that customers upgrade the software in their routers to the following versions in order to patch these vulnerabilities and to be at the latest software level:

  • 4.0.6.4 (routers w24e/w24e-S/w24)
  • 1.2.0.3 (routers w24h-S/w24h-I).
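As an added example (not part of the advisory or the vendor's tooling), the following Python check maps the affected and fixed version ranges listed above onto a device inventory. The CSV layout, hostnames and sample devices are constructed, and treating "4.0.4" as the whole 4.0.4.x family is an assumption.

```python
"""Flag Goodmill w24e/w24h routers whose firmware falls in the ranges
listed as affected in NCSC-FI advisory 16/2018 (example, not vendor code)."""

from typing import List, Tuple

# Constructed sample inventory: hostname,model,firmware (not real devices).
SAMPLE_INVENTORY = """\
veh-001,w24e,4.0.5.2
veh-002,w24e-S,4.0.6.4
veh-003,w24h-S,1.1.9
veh-004,w24h-I,1.2.0.3
veh-005,w24,4.0.2.1
"""

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '4.0.6.4' into (4, 0, 6, 4) for component-wise comparison."""
    return tuple(int(p) for p in v.strip().split("."))

def fixed_version(model: str) -> str:
    """Minimum version the vendor lists as patched for this model family."""
    return "1.2.0.3" if model.lower().startswith("w24h") else "4.0.6.4"

def is_vulnerable(model: str, version: str) -> bool:
    """True if the model/version pair is inside an affected range."""
    ver = parse_version(version)
    m = model.lower()
    if m.startswith("w24h"):
        # w24h: everything before 1.2.0.3 is affected.
        return ver < (1, 2, 0, 3)
    if m.startswith("w24e") or m == "w24":
        # w24e family: 4.0.3.x, 4.0.4(.x, assumed), 4.0.5.x and 4.0.6.x
        # before 4.0.6.4; other branches are not listed, so not flagged.
        if ver[:2] != (4, 0):
            return False
        minor = ver[2] if len(ver) > 2 else 0
        if minor in (3, 4, 5):
            return True
        return minor == 6 and ver < (4, 0, 6, 4)
    raise ValueError(f"unknown model: {model}")

def audit_inventory(csv_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (host, model, version, required_version) for devices needing an update."""
    findings = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, model, version = (p.strip() for p in line.split(","))
        if is_vulnerable(model, version):
            findings.append((host, model, version, fixed_version(model)))
    return findings
```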

Additional information

Contact Information

NCSC-FI Vulnerability Coordination can be contacted as follows:

Email: vulncoord@ficora.fi

Please quote the advisory reference [FICORA #1038870] in the subject line.

Telephone:

+358 295 390 230

Monday - Friday 08:00 – 16:15 (EET: UTC+3)

Post:

Vulnerability Coordination

FICORA / NCSC-FI

P.O. Box 313

FI-00561 Helsinki

FINLAND

NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The PGP key as well as the vulnerability coordination principles of NCSC-FI are available at: