CVE-2020-35757 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2020-35757?

CVE-2020-35757 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated attackers to enable ADB over TCP on Libre Wireless LS9 devices, granting them root access. Any LS9 device with its web interface accessible is affected, enabling complete device compromise.

📋 TL;DR

This vulnerability allows unauthenticated attackers to enable ADB over TCP on Libre Wireless LS9 devices, granting them root access. Any LS9 device with its web interface accessible is affected, enabling complete device compromise.

💻 Affected Systems

Products:

Libre Wireless LS9

Versions: LS1.5/p7040 firmware versions

Operating Systems: Embedded Linux

Default Config Vulnerable: ✅ No

Notes: ADB over TCP is disabled by default but can be enabled via the vulnerable endpoint without authentication.

📦 What is this software?

Ls9 Firmware by Librewireless

View all CVEs affecting Ls9 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full root compromise of the device, allowing installation of persistent malware, data theft, and use as a pivot point into internal networks.

🟠

Likely Case

Attackers gain root shell access to modify device configuration, intercept traffic, or disable security controls.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated device only.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP request to enable ADB over TCP, then standard ADB connection for root access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Apply workarounds and network controls.

🔧 Temporary Workarounds

Block web interface access

linux

Restrict access to the LS9 web management interface using firewall rules.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable ADB service

all

Permanently disable ADB service on the device if not required.

adb shell setprop persist.service.adb.enable 0
adb shell stop adbd

🧯 If You Can't Patch

Isolate LS9 devices in separate VLAN with strict access controls
Implement network monitoring for ADB connection attempts (default port 5555)

🔍 How to Verify

Check if Vulnerable:

Attempt to access the web interface endpoint that enables ADB without authentication.

Check Version:

Check device firmware version via web interface or serial console

Verify Fix Applied:

Verify web interface is inaccessible and ADB service is not running on port 5555.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to ADB enable endpoint
ADB service start events

Network Indicators:

TCP connections to port 5555 (ADB)
Unauthenticated web requests to management interface

SIEM Query:

source_port=5555 OR dest_port=5555 OR (http_uri CONTAINS "/adb_enable")

📊 Metadata

CVE ID: CVE-2020-35757

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-306

Published: May 3, 2021

Last Updated: November 21, 2024

🔗 References

https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ Exploit,Third Party Advisory
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35757, you might also want to check these: