Threat Watch

Flaw in 4GEE Wifi Modems

Researchers have discovered a high-severity vulnerability in 4GEE Mini modems sold by EE. The vulnerability (CVE-2018-14327) lets a low-privileged user account escalate privileges on any Windows-based computer that has been connected at least once to the EE Mini modem through USB, and then perform malicious actions with the highest level of privileges on the system. With full system access to the targeted computer, the attacker could perform a variety of malicious actions, such as installing a keylogger, malware, or rootkits, or stealing sensitive information.

The vulnerability resides in the driver files that EE 4G Mini WiFi modems install on Windows systems, and it stems from insecure permissions on the driver folder. These permissions allow any low-privileged user to “read, write, execute, create, delete do anything inside that folder and its subfolders.” According to researchers, “For successful exploitation of the vulnerability, all an attacker or malware just needs to do is replace ‘ServiceManager.exe’ file from the driver folder with a malicious file to trick the vulnerable driver into executing it with higher SYSTEM privileges after reboot.”

A patch has been made available and users are strongly advised to update as soon as possible.
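As an added defensive check (not part of the original report or of EE's patch), the following Python parses `icacls` output for a driver or service folder and reports the ACEs that let low-privileged groups write there, which is the condition described above. The folder path and both ACL listings are constructed samples, since the page does not give the real install path.

```python
import re

# Groups every standard (non-admin) local account belongs to.
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls right codes that let a holder create, replace or delete files.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "DE", "WDAC", "WO", "GA", "GW"}
# Inheritance markers printed in the same parenthesised form as rights.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<perms>(?:\([^)]+\))+)$")

FOLDER = r"C:\Program Files\ExampleVendor\Driver"  # constructed placeholder path
WEAK = r"""C:\Program Files\ExampleVendor\Driver Everyone:(OI)(CI)(F)
                                      BUILTIN\Users:(I)(OI)(CI)(RX,W)
                                      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""
HARDENED = r"""C:\Program Files\ExampleVendor\Driver NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                      BUILTIN\Administrators:(OI)(CI)(F)
                                      BUILTIN\Users:(OI)(CI)(RX)"""


def risky_aces(folder, icacls_output):
    """Return [(principal, [rights])] for low-privileged ACEs that allow writes."""
    findings = []
    for raw in icacls_output.splitlines():
        line = raw.strip()
        # The first output line is prefixed with the path being inspected.
        if line.lower().startswith(folder.lower()):
            line = line[len(folder):].strip()
        match = ACE_RE.match(line)
        if not match:
            continue  # blank line or the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]+)\)", match["perms"]):
            tokens.update(t.strip().upper() for t in group.split(","))
        if "DENY" in tokens:
            continue  # deny ACEs restrict access, they never grant it
        granted = (tokens - INHERIT_FLAGS) & WRITE_RIGHTS
        who = match["who"].strip()
        if who.lower() in LOW_PRIV and granted:
            findings.append((who, sorted(granted)))
    return findings


if __name__ == "__main__":
    for name, listing in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, risky_aces(FOLDER, listing))
```

On a live host, feed it the output of `icacls` run against each folder that holds a binary started by a SYSTEM service; any finding means a standard user can replace files in that folder.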