Flaw In 4GEE WiFi Modem Could Leave Your Computer Vulnerable
(Sep 20, 2018)
Security researcher Osanda Malith of ZeroDayLab discovered a severe vulnerability in the 4G-based wireless 4GEE Mini modems sold by mobile operator EE. The vulnerability, registered as “CVE-2018-14327,” allows a low-privileged user account to escalate privileges on any Windows machine that has been connected to the EE Mini modem via USB. It is located in the driver files the modem installs on Windows machines: the folder permissions allow anyone to read, write, execute, create, and delete anything inside that folder and its subfolders. To exploit it, an attacker only has to replace the “ServiceManager.exe” file in the driver folder with a malicious file; the driver is tricked into running the tainted file, which executes with higher SYSTEM privileges following a reboot. EE has released a patch for this vulnerability.
Recommendation: As a patch has been released for this vulnerability, it is advised to apply it immediately. EE states that the "EE40_00_02.00_45" version of firmware is the most recent version that should be installed, and the older versions should be removed from the machine.
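The permission weakness described above can be checked for on any Windows host. The following is an added example, not code from the researcher, EE or this brief: a read-only audit that lists services whose executable, or the folder containing it, grants write-type rights to broad groups. The helper names and the SID list are this example's own choices, and because the brief does not give the modem's driver folder path, the script checks every registered service.

```powershell
# Added example (not from the advisory): read-only audit for service binaries
# that broad, low-privileged groups can overwrite or replace.
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Write-type bits only, so a read-only ACE never matches.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x50000000   # also GENERIC_WRITE | GENERIC_ALL

# Hypothetical helper: pull the executable path out of Win32_Service.PathName,
# which may be quoted and may carry arguments.
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

# Hypothetical helper: return Allow ACEs on $Path that give a broad group write access.
function Get-BroadWriteAce([string]$Path) {
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return }   # path missing or ACL unreadable: nothing to report
    # Resolve identities as SIDs so the check works on non-English systems.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeBits)
        }
}

$findings = foreach ($svc in (Get-CimInstance -ClassName Win32_Service)) {
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { continue }
    # Check both the binary and its parent folder: a writable folder allows
    # the file to be swapped even when the file's own ACL is tight.
    foreach ($target in $exe, (Split-Path -Path $exe -Parent)) {
        foreach ($ace in (Get-BroadWriteAce $target)) {
            [pscustomobject]@{
                Service = $svc.Name
                RunsAs  = $svc.StartName
                Path    = $target
                Sid     = $ace.IdentityReference.Value
                Rights  = $ace.FileSystemRights
            }
        }
    }
}
$findings | Sort-Object Service, Path | Format-Table -AutoSize
```

Run it from an elevated prompt so every ACL can be read; any row whose `RunsAs` is `LocalSystem` is a service whose binary or folder should have its permissions tightened.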