1. Forum
  2. tqw
  3. TQW GENTECH

  • Wi-Fi Alliance test suite has a worrying security flaw

    From TechnologyDaily@1337:1/100 to All on Monday, October 28, 2024 18:00:06
    Wi-Fi Alliance test suite has a worrying security flaw

    Date:
    Mon, 28 Oct 2024 17:46:00 +0000

    Description:
    No word of a patch for Wi-Fi Test Suite flaw yet.

    FULL STORY ======================================================================

    Wi-Fi Test Suite carries a vulnerability that allows for elevation of privilege and remote code execution (RCE) attacks - and since there is no patch, and no word if there ever will be a patch, users are advised to
    replace the affected endpoints, or at least stop using them until any sort of resolution.

    The Wi-Fi Test Suite is a certification toolset, developed by the Wi-Fi Alliance, and used to test, validate, and ensure interoperability and performance of Wi-Fi devices based on Wi-Fi standards.

    This suite includes a variety of tests that cover different aspects of Wi-Fi functionality, such as connectivity, throughput, security, and coexistence with other wireless technologies. No patch yet

    According to the CERT Coordination Center (CERT/CC), this toolset carries a command injection vulnerability, which allows threat actors to execute arbitrary commands with root privileges on affected routers. The routers affected by this vulnerability seem to be from Arcadyan, a Taiwanese-based hardware manufacturer. To exploit the flaw, the threat actor only needs to send a specially crafted packet to the vulnerable device.

    Whats interesting here is that the test suite was never designed to be used
    in production environments - its goal was to support the development of certification programs, and device certification, the CERT Coordination
    Center says. However, it somehow made it into commercial routers, and thus
    the vulnerability trickled down to households, and possibly small businesses.

    The Hacker News says the Taiwanese router maker is not building a patch for this vulnerability, and there is no word if it ever will. Therefore, other vendors using the Wi-Fi Test Suite are advised to remove it, or update to version 9.0 or later, thus minimizing the risk of exploitation.

    Being omnipresent, and a gateway for all data, routers are one of the most targeted endpoint devices in cyberattacks. Therefore, using routers from reputable manufacturers, and keeping them secured and up-to-date, remains pivotal in cybersecurity best practices. More from TechRadar Pro Email
    threats are becoming more dangerous than ever so keep an eye on your inbox Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wi-fi-alliance-test-suite-has-a-worryin g-security-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)