Thanks to all my collegues from HeadLight Security, who helped me with this research.
Vulnerabilities of client programs, personal office and equipment YOTA
INTRO
A pocket router is easily accessible equipment these days. With the development of wireless 4G networks, we can truly be mobile and maintain a stable connection with unlimited plans, staying “online” around the clock. But will we connect securely? The security of 3G modems and telecommunications equipment has often been a topic of heated discussions regarding safe online presence. This time, we will analyze the software of the YOTA Many 4G router in detail. In addition to the discovered XSS and CSRF vulnerabilities, which are typical for web infrastructures and online services, an RCE bug was found in Windows/MacOS Desktop application and on portable router, which raising another important issue — the question of user’s anonymity and security.
Multiple high-risk vulnerabilities in Yota software were discovered by me in August 2015. One of the vulnerabilities allows remote code execution without any access rights. In September, Yota was repeatedly informed about the security issues in the modems released by the company; however, no software updates followed.