A cybersecurity researcher has revealed a critical command injection vulnerability affecting multiple routers that could be exploited by a remote attacker to take control of the affected system.
The vulnerability, identified as CVE-2022-30078, affects Netgear R6200v2 and R6300v2 routers. According to the researcher, the vulnerability resides in the /sbin/acos_service binary in all firmware versions of R6200_v2 and R6300_v2, including the latest R6200v2-V1.0.3.12 and R6300v2-V1.0.4.52. This is a vulnerability in the ipv6_fix.cgi script. By sending a specially crafted request containing shell metacharacters in the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length or ipv6_lan_length parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
“Through further research, we found that remotely authenticated attackers can modify the value of vulnerable parameters in the http://192.168.1.1/IPV6_fixed.htm website by submitting a modification request. Since vulnerable parameters are stored directly in the nvram after sending a request, hackers can then execute arbitrary remote commands as they control the parameters of a system call. After visiting the website and sending a POST request, if the ipv6_wan_ipaddr parameter of the request is set to %24%28telnetd+-l+%2Fbin%2Fsh+-p+1235+-b+0.0.0.0%29, we can actually execute $(telnetd -l /bin/sh -p 1235 -b 0.0.0.0),” the researcher wrote.
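Because the injected value is stored in NVRAM and later reaches a system call, the mitigation for this class of bug is to reject anything that is not a literal IPv6 address or prefix length before it is stored or used. The C code below is an added example, not Netgear's code or the researcher's; the function names are hypothetical, and it assumes the four parameters arrive as NUL-terminated strings.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Accept only a literal IPv6 address. inet_pton() rejects every other
 * string, including "$(...)", backticks, ';' and '|'. */
int valid_ipv6_addr(const char *s)
{
    struct in6_addr addr;

    if (s == NULL || strlen(s) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET6, s, &addr) == 1;
}

/* Accept only 1 to 3 decimal digits whose value is in 0..128. */
int valid_prefix_len(const char *s)
{
    size_t n;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > 3)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return atoi(s) <= 128;
}

/* Gate for the four parameters named in the advisory (hypothetical helper).
 * Returns 1 only if all are well formed; on 0 the caller should refuse to
 * write them to NVRAM or pass them to any command line. */
int ipv6_fixed_params_ok(const char *wan_ip, const char *lan_ip,
                         const char *wan_len, const char *lan_len)
{
    return valid_ipv6_addr(wan_ip) && valid_ipv6_addr(lan_ip) &&
           valid_prefix_len(wan_len) && valid_prefix_len(lan_len);
}
```

Validation of this kind belongs at the point where the request is parsed; code that later builds the command should still pass arguments as an argv array rather than through a shell.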
Another vulnerability is tracked as CVE-2022-30079. This is a command injection vulnerability in the Netgear R6200_v2 router. The vulnerability exists in the /sbin/acos_service binary in all firmware versions of R6200_v2, including the latest R6200v2-V1.0.3.12.
Due to the severe nature of bugs CVE-2022-30078 and CVE-2022-30079, companies using the aforementioned Netgear routers are advised to migrate to supported Netgear routers as soon as possible to minimize any potential exploitation risk.