Critical Unauthenticated API Vulnerabilities in 9Router Leading to Data Leak and RCE Risk
Multiple critical unauthenticated API vulnerabilities in 9Router versions up to 0.4.41 allow an attacker to perform full CRUD operations on provider connections, leak plaintext API keys, and access sensitive conversation history, posing risks of data exfiltration and denial of service.
Critical API security vulnerabilities have been identified in 9Router's Next.js dashboard, impacting versions up to 0.4.41. These flaws stem from a lack of authentication middleware on several API endpoints, making them fully accessible to unauthenticated attackers. Specifically, the /api/providers endpoints permit complete Create, Read, Update, and Delete (CRUD) operations on all provider connections, enabling an attacker to manipulate or destroy configurations, redirect traffic, or capture credentials. Additionally, the /api/usage/stats endpoint exposes full plaintext API keys, while /api/usage/request-logs and /api/usage/request-details disclose all users' request history and sensitive conversation contents, including system prompts and user messages. This combination of vulnerabilities allows for widespread data exfiltration, credential compromise, and potential denial of service or traffic hijacking.
Attack Chain
- An unauthenticated attacker sends an HTTP GET request to
https://<host>/api/providersto list all configured provider connections, obtaining partial credentials and account IDs. - The attacker sends an HTTP POST request to
https://<host>/api/providerswith a malicious payload to create a new, attacker-controlled provider connection (e.g.,{"provider":"openai","authType":"apikey","name":"rogue","apiKey":"sk-attacker-controlled"}). - The attacker sends an HTTP PUT request to
https://<host>/api/providers/<existing-uuid>to modify an existing provider's configuration, potentially replacing legitimate API keys with their own to redirect traffic or exfiltrate data. - The attacker sends an HTTP DELETE request to
https://<host>/api/providers/<existing-uuid>to delete critical provider connections, leading to denial of service for legitimate users. - The attacker sends an HTTP GET request to
https://<host>/api/usage/statsto retrieve a list of all plaintext API keys, per-account usage data, and cost information. - The attacker sends an HTTP GET request to
https://<host>/api/usage/request-logsto obtain paginated request logs containing timestamps, models, providers, and user emails. - The attacker retrieves individual conversation details by sending an HTTP GET request to
https://<host>/api/usage/request-details/<request-uuid>, exposing full conversation turns, including system prompts and sensitive user messages. - The attacker leverages the stolen API keys and conversation data for further malicious activities, such as unauthorized access to AI provider accounts or social engineering.
Impact
The identified vulnerabilities have critical consequences. An attacker can add malicious providers to intercept all prompts and responses, modify existing providers to hijack legitimate traffic, or delete all providers to cause a complete denial of service. The compromise extends to a full API key leak via /api/usage/stats, enabling unauthorized use of connected AI provider accounts. Most critically, the /api/usage/request-details endpoint exposes complete conversation histories, including highly sensitive system prompts, user messages, and assistant responses, leading to severe privacy breaches and potential exfiltration of proprietary or confidential information processed by AI models.
Recommendation
- Prioritize patching 9Router instances to a version greater than 0.4.41 immediately.
- Deploy the provided Sigma rules to your SIEM solution and tune them for your environment to detect attempts to exploit these vulnerabilities against
/api/providers,/api/usage/stats, and/api/usage/request-details. - Review web server access logs for any suspicious unauthenticated POST, PUT, or DELETE requests to
/api/providersendpoints as well as GET requests to/api/usage/statsor/api/usage/request-detailsoriginating from unusual IP addresses. - Implement strong authentication and authorization controls for all sensitive API endpoints in your environment, especially those related to configuration and data access.
Detection coverage 3
Detect 9Router Unauthenticated Provider CRUD Attempts
criticalDetects unauthenticated attempts to create, modify, or delete 9Router provider connections via /api/providers endpoint due to a lack of authentication.
Detect 9Router Unauthenticated API Key Leakage Attempt
criticalDetects unauthenticated attempts to access /api/usage/stats in 9Router, which exposes full plaintext API keys.
Detect 9Router Unauthenticated Conversation History Leakage Attempt
criticalDetects unauthenticated attempts to access /api/usage/request-details or /api/usage/request-logs in 9Router, leading to sensitive conversation data exposure.
Detection queries are available on the platform. Get full rules →