[ADVISORY INFORMATION]
Title:          Weak firmware encryption and predictable WPA key on Sitecom routers
Discovery date: 17/02/2014
Release date:   24/04/2014
Credits:        Roberto Paleari     (@rpaleari)
                Alessandro Di Pinto (@adipinto)
Advisory URL:   http://blog.emaze.net/2014/04/sitecom-firmware-and-wifi.html

[AFFECTED PRODUCTS]
We confirm the presence of the security vulnerability on the following
products/firmware versions:
  * Sitecom WLR-4000 v1 001
  * Sitecom WLR-4004 v1 001
Other device models and firmware versions are probably also vulnerable, but
they were not checked.

[VULNERABILITY DETAILS]
Affected routers are subject to a security issue which allows an attacker to
calculate the default WPA passphrase/admin password starting from the device
MAC address.

More in detail, affected firmware versions generate the default wireless keys
and access credentials starting from publicly-accessible information, such as
the MAC address of the Wi-Fi interface. The algorithm used to generate these
keys is included inside the firmware image. As a consequence, attackers located
nearby a vulnerable device (i.e., within the Wi-Fi network range) can calculate
the default wireless password, authenticate to the Wi-Fi network (if the
passphrase has not been changed by the user) and access the LAN of the victim
user.

In addition, the firmware image of the affected Sitecom routers is encrypted
using a trivial XOR-based scheme. The key can be derived through a
"known-plaintext" attack focusing on the image padding bytes, which are
typically set to zero in an unencrypted firmware. The two device models we
analyzed (i.e., WLR-4000 and WLR-4004) use different XOR keys, but the encoding
scheme is the same.

Additional details are provided on Emaze blog, together with a Python script
that implements the wireless key generation algorithm. See the "Advisory
information" section for the actual URL.

[REMEDIATION]
Emaze informed Sitecom about these issues on February 17th, 2014. Sitecom
confirmed that future device models will not rely on the same algorithms for
the generation of the wireless keys.  Obviously, existing devices will remain
vulnerable. For this reason, we strongly suggest Sitecom users to use a
wireless key different from the default one.

[COPYRIGHT]
Copyright(c) Emaze Networks S.p.A 2014, All rights reserved worldwide.
Permission is hereby granted to redistribute this advisory, providing that no
changes are made and that the copyright notices and disclaimers remain intact.

[DISCLAIMER]
Emaze Networks S.p.A is not responsible for the misuse of the information
provided in our security advisories. These advisories are a service to the
professional security community. There are NO WARRANTIES with regard to this
information. Any application or distribution of this information constitutes
acceptance AS IS, at the user's own risk. This information is subject to change
without notice.