Wi-Fi Test Suite carries a vulnerability that allows for elevation of privilege and remote code execution (RCE) attacks – and since there is no patch, and no word if there ever will be a patch, users are advised to replace the affected endpoints, or at least stop using them until any sort of resolution.
The Wi-Fi Test Suite is a certification toolset, developed by the Wi-Fi Alliance, and used to test, validate, and ensure interoperability and performance of Wi-Fi devices based on Wi-Fi standards.
This suite includes a variety of tests that cover different aspects of Wi-Fi functionality, such as connectivity, throughput, security, and coexistence with other wireless technologies.
No patch yet
According to the CERT Coordination Center (CERT/CC), this toolset carries a command injection vulnerability, which allows threat actors to execute arbitrary commands with root privileges on affected routers. The routers affected by this vulnerability seem to be from Arcadyan, a Taiwanese-based hardware manufacturer. To exploit the flaw, the threat actor only needs to send a specially crafted packet to the vulnerable device.
What’s interesting here is that the test suite was never designed to be used in production environments – its goal was to support the development of certification programs, and device certification, the CERT Coordination Center says. However, it somehow made it into commercial routers, and thus the vulnerability trickled down to households, and possibly small businesses.
The Hacker News says the Taiwanese router maker is not building a patch for this vulnerability, and there is no word if it ever will. Therefore, other vendors using the Wi-Fi Test Suite are…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
