Monday, February 10, 2020

[Netis] Authenticated RCE on WF2471 wireless router (v1.2.30142) (CVE-2020-8946).

Netis systems is a manufacturer of computer network hardware from Shenzhen, China. Their product range includes numerous devices such as wireless routers, access points, switches, adapters, etc.

Device: WF2471
Firmware version: 1.2.30142

During our research, we found a couple of wireless router models vulnerable to a command injection in one of the parameters used when performing a system log cleanup.


Normally, the request only takes one single parameter: log_name.



However, after careful examination during a static analysis on the affected CGI file, we notice a call to the system() function in which additional content can be injected once adding two extra parameters: type_change_clean and log_3g_type.


Then, the following conditions must be satisfied:
log_name has to be equal to 3g, instead of ALL
type_change_clean must be set to log_type
Finally, log_3g_type is the parameter where the actual injection takes place. OS commands are inserted in between semicolon characters as demonstrated as follows:



fjv

Autor

8 comentarios:

  1. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! long range wifi router

    ReplyDelete
    Replies
    1. Great Article
      Cloud Computing Projects


      Networking Projects

      Final Year Projects for CSE


      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Delete
  2. Most good wireless routers are capable of broadcasting your signal to a range of around 150 feet indoors, assuming typical household conditions. long range wireless router

    ReplyDelete
  3. Thanks for a wonderful share. Your article has proved your hard work and experience you have got in this field. Brilliant .i love it reading. drip feed instagram

    ReplyDelete
  4. Router bits can also be classified as edge bits, non-edge bits, or anti-kickback bits. wifi router for multiple devices

    ReplyDelete
  5. So it is interesting and very good written and see what they think about other people. best wireless router for multiple devices

    ReplyDelete
  6. Doing so will at any rate assuage your neuroticism and decrease the measure of bemoaning for losing the secret word.router settings

    ReplyDelete
  7. Mrhomereview is a high quality and trustworthy website that offers the most popular items in "Home and Kitchen" such as wireless router, coffee maker, oven, treadmill, vacuum clean and so on. For more details, please click here: mrhomereview.com

    ReplyDelete

 
biz.