Gargoyle Router Management Utility Authenticated OS Command Execution Vulnerability

Vulnerability

An authenticated OS command execution vulnerability has been identified in the Gargoyle router management utility, versions 1.5.x. The issue resides in the 'run_commands.sh' script within the 'utility' directory. The script does not validate or restrict the input supplied through the 'commands' parameter, so an authenticated attacker can execute arbitrary shell commands on the underlying system. Successful exploitation could lead to a complete compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Impact

Exploitation of this vulnerability allows for authenticated OS command execution, which could lead to a full compromise of the affected device.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to '/utility/run_commands.sh' with the 'commands' parameter containing the desired shell command. The request must include a valid session hash in the 'Cookie' header to authenticate the user.
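For responders checking whether the endpoint above has been hit, the following added example (not part of the advisory, and not Gargoyle's own code) scans web-server access logs for POST requests to '/utility/run_commands.sh' and counts successful ones per client. It assumes the device's web server writes Combined Log Format lines; the sample lines are constructed, not real traffic.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [31/Dec/2025:21:46:01 +0000] "GET /utility/run_commands.sh HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [31/Dec/2025:21:46:05 +0000] "POST /utility/run_commands.sh HTTP/1.1" 200 128 "-" "curl/8.0"
198.51.100.7 - - [31/Dec/2025:21:47:12 +0000] "POST /login.sh HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [31/Dec/2025:21:47:30 +0000] "POST /utility/run_commands.sh HTTP/1.1" 200 96 "-" "curl/8.0"
203.0.113.5 - - [31/Dec/2025:21:48:00 +0000] "POST /utility/run_commands.sh?x=1 HTTP/1.1" 401 0 "-" "python-requests/2.31"
"""

# Combined Log Format: client, ident, user, [timestamp], "METHOD path proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
WATCHED_PATH = "/utility/run_commands.sh"  # endpoint named in the advisory


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string before comparing
    rec["status"] = int(rec["status"])
    return rec


def find_run_commands_posts(log_text):
    """Return every POST to the vulnerable endpoint, with its status code."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == WATCHED_PATH:
            hits.append(rec)
    return hits


def summarize_by_client(hits):
    """Count POSTs that got a 2xx response per client IP; these are the ones that ran."""
    return dict(Counter(h["ip"] for h in hits if 200 <= h["status"] < 300))


if __name__ == "__main__":
    found = find_run_commands_posts(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} POST {h["path"]} -> {h["status"]}')
    print("successful POSTs per client:", summarize_by_client(found))
```

A 2xx on this endpoint from any client warrants checking what that session was used for; 401 responses still show the endpoint being probed.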

Added: Dec 31, 2025, 9:46 PM
Updated: Dec 31, 2025, 9:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.