The vulnerability—discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab—can be exploited by a low privileged user account to escalate privileges on any Windows computer that had once connected to the EE Mini modem via USB.
This, in turn, would allow an attacker to gain full system access to the targeted remote computer and thereby, perform any malicious actions, such as installing malware, rootkits, keylogger, or stealing personal information.
4G Mini WiFi modem is manufactured by Alcatel and sold by EE, a mobile operator owned by BT Group— Britain's largest digital communications company that serves over 31 million connections across its mobile, fixed and wholesale networks.
How Does the Attack Work?
The local privilege escalation flaw, tracked as CVE-2018-14327, resides in the driver files installed by EE 4G Mini WiFi modem on a Windows system and originates because of folder permissions, allowing any low privileged user to "read, write, execute, create, delete do anything inside that folder and it's subfolders."
For successful exploitation of the vulnerability, all an attacker or malware just needs to do is replace "ServiceManager.exe" file from the driver folder with a malicious file to trick the vulnerable driver into executing it with higher SYSTEM privileges after reboot.
"An attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as "NT AUTHORITY\SYSTEM" by giving the attacker full system access to the remote PC," he explains in his blog.
Patch Your 4G Wi-Fi Mini Modems
The researcher reported the vulnerability to EE and Alcatel in July, and the company acknowledged the issue and rolled out a firmware patch earlier this month to address the vulnerability.
If you own a G-based wireless 4GEE Mini modem from EE, you are advised to update the firmware modem to the latest "EE40_00_02.00_45" version and remove previous vulnerable versions.
- Go to your router's default gateway: https://192.168.1.1.
- Click on the "Check for Update" to update your firmware.
- Once updated to the patched software version EE40_00_02.00_45, remove the previously installed software version from your computer.