Wi-Fi test suite causes security vulnerability in Arcadyan routers

The vulnerability found is based on the Wi-Fi Alliance's test software on the routers, which allows attackers to execute almost arbitrary code with admin rights. The Wi-Fi Test Suite is a platform developed by the Wi-Fi Alliance that allows automated testing of Wi-Fi components. While the open-source components of the toolkit are freely available, the complete package is only available to members of the Wi-Fi Alliance.

The CERT Coordination Center (CERT/CC) noted that the Wi-Fi test suite is not normally intended for use in production environments. Nevertheless, the software was discovered on Arcadyan routers that had been delivered. When analyzing the vulnerability, the researchers identified a command injection flaw (CVE-2024-41992). This can allow attackers to take complete control of affected routers.

Close security gap by removing the test software

"By accessing it, the attacker can change system settings, disrupt critical network services or completely reset the device. These actions can lead to network data being compromised and a potential service outage for all users," said the security experts in a threat assessment. The vulnerability has since been published by various online portals such as Cybersecuritynews and TheHackerNews.

Until a manufacturer patch is available, the experts recommend checking existing Arcadyan routers for existing installations of the Wi-Fi test suite. If the suite is installed, a complete removal will permanently fix the security problem. Where the suite's functions are in use and removal is therefore out of the question, an update to release 9.0 of the suite should prevent the risk of misuse.

(nen)