Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

CVE-2022-47700

Product: CF-WR623N (http://www.comfast.com.cn/index.php?m=content&c=index&a=show&catid=98&id=13)

Vendor: COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd)

Firmware version: V2.3.0.1

Driver version: 4.1.0.0_CL15074

Vendor Fix: N/A

Impact: Unauthenticated Information Disclosure

Description: an aunauthenticated user has the ability to disclose the admin accounts credentials.


I'll preface this by saying that obviously you do need to be connected to the network to perform this attack. You can achieve this by plugging directly into the router. This is assuming you have physical access or have the owner of the device provide you with the PSK or connect you themselves. Then and only then can you interface with the device.

As seen below, since we don't actually need to be authenticate or have a valid session we have more-or-less access to all the router features. Because of this we're able to retrieve the routers configuration and view the admin users password and see the PSK in clear text.

image

image