Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control

Two previously unknown critical vulnerabilities within FileWave’s multiplatform MDM system could grant malicious actors access to the platforms most privileged user account.

Two vulnerabilities in FileWaves multiplatform mobile device management (MDM) system would have allowed malicious actors to bypass authentication mechanisms, taking control of the platform and the devices linked to it.
FileWaves MDM platform allows admins to push software updates to devices, lock them or even remotely wipe devices.
A report from Clarotys Team82 takes a closer look at CVE-2022-34907, an authentication bypass flaw, and CVE-2022-34906, a hard-coded cryptographic key — vulnerabilities that Filewave addressed with a recent update.
According to the report, the researchers discovered more than 1,100 different instances of vulnerable Internet-facing FileWave MDM servers across multiple industries, including in large enterprises, education, and government agencies.
The platforms MDM Web server, written in Python, is a key component that allows the admin to interact with the devices and receive information from them.
Since this service should be accessible to mobile devices at all times, it is usually exposed to the Internet, and handles both clients’ and admins’ requests, according to the report. Its connectivity makes it a primary target in our research on this platform.
One of the back-end services on the server, the scheduler service, which schedules and executes specific tasks required by the MDM platform, uses a hard-coded shared secret function to grant access to the super_user account — the platform’s most privileged user.
If we know the shared secret and supply it in the request, we do not need to supply a valid users token or know the users username and password, the report says.
Also, by exploiting the authentication-bypass vulnerability, the team was able to achieve super_user access and take full control over any Internet-connected MDM instance.
In a proof-of-concept exploit, the team was able to push a malicious package to all the devices in the system and then execute remote code to install fake ransomware across all of them.
This exploit, if used maliciously, could allow remote attackers to easily attack and infect all Internet-accessible instances managed by the FileWave MDM, ... allowing attackers to control all managed devices, gaining access to users personal home networks, organizations internal networks, and much more, according to the
Monday report
.
Users should
apply the patches
as soon as possible to avoid becoming a victim of an attack, researchers warn.
There has been a rise in attacks against endpoint management products in recent years, including one of the more high-profile attacks
targeting the Kaseya VSA.
In that attack, automation allowed a REvil ransomware gang affiliate to move from exploitation of vulnerable servers to
installing ransomware
on downstream customers faster than most defenders could react.
While mobile attacks have been occurring for years, the threat is rapidly evolving into
sophisticated malware families
with novel features, with attackers deploying malware with full remote access capabilities, modular design, and worm-like characteristics posing significant threats to users and their organizations.
Meanwhile, a survey released earlier this month by Adaptiva and and Ponemon Institute
revealed
the average enterprise now manages approximately 135,000 endpoint devices — a rapidly proliferating attack surface.
Organizations can
improve endpoint management
by implementing zero-trust policies for greater control, and using bring-your-own device (BYOD) security and MDM tools. But they must also take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees devices secure.
In addition, Claroty notes that
creating temporary keys
that are not stored in central repositories and that time out automatically could improve endpoint and MDM security, even for small businesses.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control