
CVE-2024-46383 PoC — Skyworth Router CM5100 Security Vulnerability

Source

Associated Vulnerability

Title: Skyworth Router CM5100 Security Vulnerability (CVE-2024-46383)

Description: Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.

Readme
# Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383


## Vulnerability Description:
During the security assessment of the router firmware, it was observed that sensitive information about the devices connected to the router,
such as mobile phones, laptops and tablets, is stored in plain text, and an attacker with access to the flash contents can misuse it.

Vendor of the product: Hathway

Affected product: CM5100-511

Affected version: 4.1.1.24

Vulnerability score (CVSS v3.1): 5.2 Medium (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

## Proof Of Concept:
1. Power on the router and do the initial network reconnaissance using the Nmap tool.
   
   <img width="666" alt="Network_reconn" src="https://github.com/user-attachments/assets/3df2a170-693b-4647-aedb-2a2ca5c82aea">



2. Tear down the router and locate the UART header as shown in the image below.
   Connect the UART header to a serial console and observe the initial boot sequence of the router.
   From the initial boot sequence we obtained the hardware and firmware version information.

   <img width="352" alt="Tear_down" src="https://github.com/user-attachments/assets/21f1b287-a1af-4c09-af81-eed683db8b4c">
   

   <img width="625" alt="Initial_boot_sequence" src="https://github.com/user-attachments/assets/5c5b2dd9-6042-422f-80ec-f2abe13cf309">

3. From analysis of the PCB it was observed that an external SPI flash IC (Winbond W25Q64JV) is mounted on the back side of the board.
   Desolder the flash IC from the PCB and dump the firmware using a CH341A flash programmer.

   ![image](https://github.com/user-attachments/assets/09b9a4b2-de47-4296-b7ab-9f742fe19e30)

4. After dumping the flash firmware, analyze the dumped binary file. We found that the names of the mobile phones, laptops and tablets connected to the router
   are stored in plain text.

    <img width="437" alt="connected_devices_to_router" src="https://github.com/user-attachments/assets/09c3d784-9e33-4a09-b8e3-208746c4d95c">
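To check a dump like the one in step 4 for identifiers stored in the clear, here is an added Python example (not part of the original PoC) that extracts printable strings from a raw flash image, the way `strings` does, and flags key=value device records together with the entropy of the surrounding block. The sample image, the key names and the record layout are constructed assumptions, since the page does not describe the real image's format.

```python
import math
import re
from collections import Counter

# Constructed stand-in for a raw SPI flash dump (assumed layout; the real
# CM5100 image format is not described in the PoC): erased 0xFF padding, a
# 256-byte high-entropy filler (a permutation of all byte values, standing
# in for compressed/encrypted data), then a NUL-separated plaintext config
# region holding device records, then more padding.
SAMPLE_DUMP = (
    b"\xff" * 64
    + bytes((13 + 167 * i) % 256 for i in range(256))
    + b"\x00hostname=Johns-iPhone\x00"
    + b"mac=aa:bb:cc:dd:ee:ff\x00"
    + b"device=Work-Laptop\x00"
    + b"\xff" * 64
)

# Assumed key names used only to classify which strings are device identifiers.
IDENTIFIER_KEYS = {"hostname", "device", "mac"}
KEY_VALUE = re.compile(r"^([A-Za-z_]+)=(.+)$")


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/compressed data, 0.0 for erased padding."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def extract_strings(image: bytes, min_len: int = 6) -> list[tuple[int, str]]:
    """(offset, text) for every run of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(image)]


def find_plaintext_identifiers(image: bytes, block_size: int = 64) -> list[dict]:
    """Report key=value device records and the entropy of the block holding them."""
    findings = []
    for offset, text in extract_strings(image):
        m = KEY_VALUE.match(text)
        if not m or m.group(1) not in IDENTIFIER_KEYS:
            continue
        start = offset - offset % block_size
        entropy = shannon_entropy(image[start:start + block_size])
        findings.append({"offset": offset, "key": m.group(1),
                         "value": m.group(2), "block_entropy": round(entropy, 2)})
    return findings


if __name__ == "__main__":
    for f in find_plaintext_identifiers(SAMPLE_DUMP):
        print(f"0x{f['offset']:06x} {f['key']}={f['value']} (block entropy {f['block_entropy']})")
```

A low block entropy next to a recognisable record is the signature of unencrypted storage; a real image should be scanned with a larger block size and key names taken from the vendor's config format.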

## Authors:
   Nitin Ronge (www.linkedin.com/in/nitin-ronge)

   Anand Yadav (www.linkedin.com/in/anandyadav6962)