CVE-2020-29669

8.8 HIGH

📋 TL;DR

This vulnerability in Macally WIFISD2-2A82 routers allows guest users to exploit a password reset mechanism to escalate privileges to administrator, then gain shell access and dump password hashes including root. Attackers can then crack the root hash for complete system compromise. Only users of this specific router model and firmware version are affected.

💻 Affected Systems

Products:
  • Macally WIFISD2-2A82 Media and Travel Router
Versions: 2.000.010
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires guest network to be enabled, which is common in travel router configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root access, allowing attackers to intercept all network traffic, install persistent malware, and pivot to other network devices.

🟠 Likely Case

Administrator account compromise leading to network configuration changes, traffic monitoring, and potential access to connected devices.

🟢 If Mitigated

Limited to guest network isolation if properly configured, but still risks privilege escalation within the router itself.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing, allowing remote attackers to exploit this if guest access is enabled.
🏢 Internal Only: MEDIUM - Internal attackers with guest access could exploit this, but requires initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit requires guest user access but then provides a straightforward privilege escalation path. Multiple public exploit scripts exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider replacing affected hardware or implementing workarounds.

🔧 Temporary Workarounds

Disable Guest Network

all

Completely disable guest network functionality to remove attack surface

Log in to admin interface > Wireless Settings > Disable Guest Network

Isolate Guest Network

all

Configure guest network with strict isolation from admin interface

Log in to admin interface > Advanced Settings > Enable Client Isolation for Guest Network

🧯 If You Can't Patch

  • Replace affected routers with different models from vendors with better security track records
  • Place router behind additional firewall with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check router web interface for model WIFISD2-2A82 and firmware version 2.000.010

Check Version:

Log in to the router admin interface and check the System Status or About page

Verify Fix Applied:

Test whether a guest user can still access password reset functionality or escalate privileges

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed admin login attempts followed by success from guest IP
  • Guest user accessing password reset endpoints
  • Unexpected shell access or configuration changes

Network Indicators:

  • Guest network traffic accessing admin interface ports
  • Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (event="password_reset" OR event="privilege_escalation" OR (user="guest" AND action="admin_access"))
