- Askey AP5100W version Dual_SIG_1.01.071
Description of the vulnerability
Askey AP5100W was a wifi mesh node provided to Singtel customers as part of their Fibre Broadband contract package. It is used to provide greater WiFi coverage in homes or offices.
The wifi mesh node comes with a configurable web interface that allows users to modify settings on their mesh nodes and run diagnostics.
The default login credential of the web interface for the Askey AP5100W is as follows:
- Login Name:
Upon successful authentication, an attacker can send the following command to create a configuration backup using the following command
If successful, the response is as follows:
Then the attacker would be able to obtain the configuration file (contains admin login password, wifi password and etc) through
In the worst case scenario, regardless of the login status. Meaning if an admin has backed up the configuration file, the attacker is still able to obtain the admin login password even without authentication.
- 2020-05-22 Reported to Askey, no reply from Askey
- 2020-05-28 Reported to Askey again, no reply from Askey
- 2020-06-03 Reported to CSA, CSA replied on same day saying that they will inform Askey and SingTel
- 2020-06-09 Email to CSA again, CSA replied that SingTel and Askey didn’t get back to them.
- 2020-06-09 Reported to Mitre, but no reply
- 2020-07-14 Reported to Mitre again, but no reply again.
- 2020-09-15 Mitre finally replied with CVE
The vendor didn’t replied to us despite all the efforts we made.