
IoPT App

We are here to improve the SoHo security a bit!


In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content, resulting in remote code execution.

The affected binary is the “Qualcomm Load Balancing Daemon” (lbd), which is used for monitoring and debugging a load-balancing feature in the WiFi interfaces. This service can be managed over the network, and two instances of it run at the same time: one for the main WiFi (port 7787) and one for the guest WiFi (port 7786). The two instances are configured in exactly the same way, except for the interface they manage. Both ports are reachable via LAN.

An attacker could connect to one of these ports, enable debug output to a file, and influence that output so that interpretable content is written to executable files, allowing arbitrary code execution without authentication. Any command executed this way would be run as the root user.
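To audit a device for the exposure described above, the following added example (not part of the original advisory or of any vendor tooling) reads `netstat -tln` style output and reports lbd listeners on ports 7786/7787 that are bound to a non-loopback address. The function name `lbd_exposed_listeners`, the column layout, and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag lbd debug listeners (TCP 7786/7787, per the advisory)
# that are bound to an address other than loopback.

# Constructed sample in `netstat -tln` layout; not captured from a real device.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:7787            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7786          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 :::7786                 :::*                    LISTEN
tcp        0      0 192.168.1.1:7787        192.168.1.77:51514      ESTABLISHED'

# Reads netstat-style text on stdin and prints one "address port" line for
# every lbd listener reachable from outside the device itself.
lbd_exposed_listeners() {
    awk '
        $NF != "LISTEN" { next }     # skips the header, blank lines, live connections
        {
            local_addr = $4
            n = split(local_addr, parts, ":")
            port = parts[n]          # the port is whatever follows the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)

            # Only the two lbd ports named in the advisory are of interest.
            if (port != "7786" && port != "7787") next

            # Loopback-only binds (IPv4, IPv6, IPv4-mapped) are not LAN-reachable.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            if (addr ~ /^::ffff:127\./) next

            print addr, port
        }
    '
}

# Typical use on the device:  netstat -tln | lbd_exposed_listeners
# Against the constructed sample:  printf '%s\n' "$SAMPLE" | lbd_exposed_listeners
```

Any line printed means the corresponding lbd instance accepts connections on a wildcard or LAN address; empty output means no such listener appears in the input.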

References

CVE-2020-11117