CVE-2020-35755 : What You Need to Know

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices, leading to a luci_service Read_NVRAM Direct Access Information Leak. This vulnerability allows unauthorized access to sensitive information stored in the device's configuration NVRAM.

Understanding CVE-2020-35755

This CVE identifies a security flaw in Libre Wireless LS9 LS1.5/p7040 devices that enables unauthorized access to sensitive data.

What is CVE-2020-35755?

The vulnerability allows the luci_service daemon on port 7777 to directly read the device configuration NVRAM, exposing critical data like Wi-Fi passwords and account tokens.

The Impact of CVE-2020-35755

The exploitation of this vulnerability can result in unauthorized access to sensitive information, compromising user privacy and security.

Technical Details of CVE-2020-35755

This section provides technical insights into the vulnerability.

Vulnerability Description

The luci_service daemon on Libre Wireless LS9 LS1.5/p7040 devices allows unauthorized access to the device configuration NVRAM, exposing sensitive data.

Affected Systems and Versions

Product: Libre Wireless LS9 LS1.5/p7040
Vendor: Libre Wireless
Version: Not applicable

Exploitation Mechanism

The luci_service daemon running on port 7777 provides commands that can directly read the device configuration NVRAM, leading to an information leak.

Mitigation and Prevention

Protecting systems from CVE-2020-35755 requires immediate actions and long-term security practices.

Immediate Steps to Take

Disable luci_service daemon if not essential for device functionality
Monitor network traffic for any suspicious activities
Change default passwords and sensitive credentials

Long-Term Security Practices

Regularly update device firmware to patch known vulnerabilities
Implement network segmentation to limit access to critical systems

Patching and Updates

Apply security patches provided by Libre Wireless promptly
Stay informed about security advisories and updates from the vendor