Description
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/
Scores
CVSS v3
7.5
EPSS
0.0111
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
librewireless/ls9_firmware
7040
Published
May 03, 2021
Tracked Since
Feb 18, 2026