Abstract

The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.

Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1188

Seclists.org Announcement

Link: http://seclists.org/fulldisclosure/2015/Apr/103

Description
-----------
A vulnerability has been discovered that affects the certificate verification
functions provided by the HNDS service found on the Centro Grande (ADB version)
DSL routers of Swisscom.


Product
-------
Firmwares up to version 6.12.02 are affected.


Vulnerability
-------------
The flaw allows an attacker to have access to management functions that are
normally reserved for the Swisscom support. Furthermore, this vulnerability
combined with other vulnerabilities allow to completely compromise the
Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote
root shell on a victim's router.


Remediation
-----------
Update the firmware to version 6.14.00. By default the Centro Grande routers
should update themselves automatically. The current version can be verified
through the web management interface, under Settings => Router => Firmware
section. The version 6.14.00 should be installed. If it is not the case, the
update can be forced cliking on the button labeled "Check for upgrade".

Alternatively, the firmware can be downloaded from the following page:
https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html

Swisscom customers may call the Swisscom-Hotline 0800 800 800


Acknowledgments
---------------
Ivan Almuina from Hacking Corporation Sàrl (http://hackingcorp.ch/) for the
discovery, the notification and for helping us to fix the vulnerability.


Milestones
----------
Sep 23th 2014   Vulnerability reported to Swisscom CSIRT
Jan  7th 2015   CVE ID requested at MITRE
Jan 18th 2015   CVE ID 2015-1188 assigned by MITRE
Apr 29th 2015   Public Release of Advisory