Netgear DGN1000B Command Injection Vulnerability in setup.cgi

A command injection vulnerability has been identified in the Netgear DGN1000B router, specifically in firmware versions 1.1.00.24 and 1.1.00.45. This vulnerability allows authenticated users to inject and execute arbitrary operating system commands via the TimeToLive parameter in the setup.cgi endpoint. The issue stems from inadequate input validation, which enables the execution of crafted POST requests. Exploitation of this vulnerability could lead to unauthorized manipulation of the device's system state or the execution of malicious payloads.

Impact

Exploitation of this vulnerability allows for authenticated OS command injection, where injected commands are executed with the privileges of the authenticated user. This could potentially be used to upload and execute malicious payloads, such as a backdoor, to compromise the device.

Reproduction

To reproduce this vulnerability, authenticate to the router's web interface using default credentials (admin/admin or admin/password). Once logged in, send a POST request to the setup.cgi endpoint with the TimeToLive parameter containing the injected command. The injection can be verified by executing a command that sends a response back, such as a ping command to an external server.

Remediation

Users can update to Netgear DGN1000B firmware version 1.1.00.46, which addresses this vulnerability.