Your WAP is at risk. A vulnerability analysis on wireless accesspoint Web-based management interfaces

This work provides an answer to the following key question: Are the Web-based management interfaces of the contemporary off-the-shelf wireless access points (WAP) free of flaws and vulnerabilities? The short answer is not very much. That is, after performing a vulnerability assessment on the Web interfaces of six different WAPs by an equal number of diverse renowned vendors, we reveal a significant number of assorted medium to high severity vulnerabilities that are straightforwardly or indirectly exploitable. Overall, thirteen categories of vulnerabilities translated to 29 zero-day attacks are exposed. Our findings range from legacy path traversal, cross-site scripting, and clickjacking attacks to HTTP request smuggling and splitting, replay, denial of service, and information leakage among others. In the worst case, the attacker can acquire the administrator's (admin) credentials and the WAP's Wi-Fi passphrases or permanently lock the admin out of accessing the WAP's Web interface. On top of everything else, we identify the already applied hardening measures by these devices and elaborate on extra countermeasures which are required to tackle the identified weaknesses. To our knowledge, this work contributes the first wholemeal appraisal of the security level of this kind of Web-based interfaces that go hand and glove with the myriads of WAPs out there, and it is therefore anticipated to serve as a basis for further research in this timely and challenging field.

CHATZOGLOU Efstratios;  KAMPOURAKIS Georgios;  KOLIAS Constantinos; 

2022-02-15

WILEY-HINDAWI

JRC126797

1939-0114 (online),   

https://www.hindawi.com/journals/scn/2022/1833062/,    https://publications.jrc.ec.europa.eu/repository/handle/JRC126797,   

10.1155/2022/1833062 (online),