Wi-Fi Alliance test suite has a worrying security flaw

1 week ago

cables going into nan backmost of a broadband router connected achromatic background

(Image credit: Shutterstock)

Wi-Fi Test Suite carries a vulnerability that allows for elevation of privilege and remote codification execution (RCE) attacks - and since location is nary patch, and nary connection if location ever will beryllium a patch, users are advised to switch nan affected endpoints, aliases astatine slightest extremity utilizing them until immoderate benignant of resolution.

The Wi-Fi Test Suite is simply a certification toolset, developed by nan Wi-Fi Alliance, and utilized to test, validate, and guarantee interoperability and capacity of Wi-Fi devices based connected Wi-Fi standards.

This suite includes a assortment of tests that screen different aspects of Wi-Fi functionality, specified arsenic connectivity, throughput, security, and coexistence pinch different wireless technologies.

No spot yet

According to nan CERT Coordination Center (CERT/CC), this toolset carries a bid injection vulnerability, which allows threat actors to execute arbitrary commands pinch guidelines privileges connected affected routers. The routers affected by this vulnerability look to beryllium from Arcadyan, a Taiwanese-based hardware manufacturer. To utilization nan flaw, nan threat character only needs to nonstop a specially crafted packet to nan susceptible device.

What’s absorbing present is that nan trial suite was ne'er designed to beryllium utilized successful accumulation environments - its extremity was to support nan improvement of certification programs, and instrumentality certification, nan CERT Coordination Center says. However, it someway made it into commercialized routers, and frankincense nan vulnerability trickled down to households, and perchance mini businesses.

The Hacker News says nan Taiwanese router shaper is not building a spot for this vulnerability, and location is nary connection if it ever will. Therefore, different vendors utilizing nan Wi-Fi Test Suite are advised to region it, aliases update to type 9.0 aliases later, frankincense minimizing nan consequence of exploitation.

Being omnipresent, and a gateway for each data, routers are 1 of nan astir targeted endpoint devices successful cyberattacks. Therefore, utilizing routers from reputable manufacturers, and keeping them secured and up-to-date, remains pivotal successful cybersecurity champion practices.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Email threats are becoming much vulnerable than ever — truthful support an oculus connected your inbox
Here's a database of nan best firewalls today
These are nan best endpoint protection tools correct now

Sead is simply a seasoned freelance journalist based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.

Source Technology