Two critical vulnerabilities have been detected in wireless LAN devices produced by Contec. The devices are used in planes to provide internet connectivity to passengers while in-flight. The flaws were discovered by a pair of researchers at Necrum Security Labs. The security researchers found that a hidden page not listed in the Wireless LAN manager allows attackers to execute Linux commands on the device with root privileges. The vulnerability is tracked as CVE-2022-36158.
The security researchers also found that one file contains the hashes of two users, which the attackers were able to recover in just minutes via a brute-force attack. The issue is that the device owner can only change the user account's password from the web administration interface, as the root account is reserved for Contec. Therefore, individuals who use WiFi on their devices while traveling in-air could be vulnerable to the attack.