PT-2021-11849 · Libre Wireless · Libre Wireless Ls9

Published 2021-05-03 · Updated 2022-07-12 · CVE-2020-35757

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Libre Wireless LS9 LS1.5/p7040 devices
Description: An issue was discovered in the LS9 web interface, which provides functionality to access ADB over TCP. This functionality is not enabled by default but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication, allowing any unauthenticated user who can access the web interface to gain root privileges on the LS9 module.
Recommendations: For Libre Wireless LS9 LS1.5/p7040 devices, as a temporary workaround, consider disabling access to the web management interface endpoint until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-35757

Affected Products

Libre Wireless Ls9